Security Lessons from Nature – Autotomy
Autotomy is the fancy name that people give to the well-known tendency for certain lizards to throw off their tails to escape predators. The theory, is that the tail will thrash around and distract the predator, thereby giving the lizard a chance to get away. It must be noted that other critters like octopuses, crabs and some starfish also do this, as do sea cucumbers. (Though the sea cucumbers eject their internal organs instead.)
So what does this mean in the business/IT world? Well, the obvious analogy is to distract an incoming attacker by abandoning your resources and letting them go nuts while you relocate your business to Sri Lanka. However, some might consider this approach somewhat impractical.
However, if we stretch the analogy to the point of breaking (much like a lizard’s tail), perhaps it makes sense to build a business strategy around distracting attackers. There are some technologies that could assist with this. A honeypot is often used to trap attacks so that people can learn from them. This has become even easier now that virtualization has become prevalent. All you have to do is join one of many projects and you’ll have a nice fake network to distract attackers.
Another technique is tarpitting. This technology looks at incoming connections, and if they are not approved, it doesn’t reject them right away, but instead extends the time before the connection is closed. Thus, attackers are delayed and, in theory, you gain the time to build a defense.
In practice, of course, you need to actually be watching for the attack and take defensive action. This technique wouldn’t work very well if the lizard dropped it’s tail and then stared dumbly as the dog wrestled the tail into submission, ate it, digested it, napped for a bit, woke up, got a bit hungry than then saw a nearby tasty tailless lizard. So, if you decide to go after this option, you have to remember to “run and hide”. In other words, keep an eye out for the attacks and be ready to block them.