About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Tactics Must Evolve

Throughout history war has become increasingly complex and tactics have evolved to compensate. In ancient times, walls were built to protect your city, foot soldiers made up the bulk of your army, and both sides knew how the battle would play out.

Effective tactics varied greatly, depending on:

  1. The sizes and skill levels of both armies
    • In a mass land battle, on open terrain, usually the army with the largest number of soldiers would win. Smaller armies had to get smarter, so generals would change their tactics to attack and defend with smaller numbers.
  2. The unit types of both forces
    • Cavalry was added to the army to allow the outflanking of spear-wielding soldiers (pikemen, hoplites, and so on), which forced them to turn and face the charging horsemen. This allowed the attackers' archers to fire volley after volley of arrows into the lines of soldiers, who, with their backs turned, were unable to protect themselves from both sides.
  3. Terrain and positional advantages of both armies
    • Most people have heard about the movie 300, which was a decent dramatization of the tactics that Leonidas I used in the battle of Thermopylae. The Spartans held the approaching Persian army at bay with only 300 Spartans, 700 Thespians, 400 Thebans and perhaps a few hundred others. The small pass, which was the only way through to Greece, forced the larger Persian army to send smaller numbers to face the Spartans. The Persians ultimately won the battle, but for every one Spartan/Thespian/Theban soldier that was slain, Persia lost five.
  4. The weather
    • (From The Story of the Invasion of Japan) During the summer of 1281, a combined force of Mongol and Chinese forces prepared for an assault on the western shores of Kyushu, Japan. The Mongol invasion force was a modern army, and its arsenal of weapons was far superior to that of the Japanese. Its soldiers were equipped with poisoned arrows, maces, iron swords, metal javelins and even gunpowder. The Japanese, however, would be forced to defend themselves with bow and arrows, swords, spears made from bamboo and shields made only of wood. Miraculously, as if in answer to Japanese prayers, from out of the south a savage typhoon sprang up and headed toward Kyushu. Its powerful winds screamed up the coast where they struck the Mongols' invasion fleet with full fury, wreaking havoc on the ships and on the men onboard. The Mongol fleet was devastated. After the typhoon had passed, over 4,000 invasion craft had been lost and the Mongol casualties exceeded 100,000 men.

The point of this little trip through history is that tactics must evolve. Firewalls are no longer the single solution for stopping malicious attackers. If they were, then UTM devices wouldn't have been invented and there would be no need for NIPS solutions. If all viruses conformed to the same signature, then we would not require HIDS/HIPS and behavioral AV solutions installed on our desktops and servers.

I believe that all security professionals should be students of military history and tactics. Seeing what failed for great generals will show us how to adapt to, and defend against, network and system attack situations in the future.

Andrew Hay