Game of Thrones: A Tale of Fire(walls) and ICE (Infiltrating Cyber Espionage)

I first wrote about how cybersecurity is similar to Game Of Thrones a couple of years ago, but the worlds of Westeros and the SOC don’t stay the same for long. If you’re an avid watcher of GOT, or of the trends in security, you’ll know that the map has changed, the threat landscape has shifted, and the wall has been breached.

A Changing Landscape

Everyone can, and most likely will, experience a breach – it may take a dragon-like effort to hack in, but we’ve seen that it is possible. Cyber risk and invasions from north of the (fire)wall are now top of mind for leaders of businesses and the Seven Kingdoms alike. The tactics, weapons and battles have advanced and evolved over time in both environments; we’ve even seen that just one (spear)phishing attack can take down a lot (a whole dragon-sized lot).

Growing Threats Against Your Defense

Today, The Army Of The Dead (AKA the botnet) is constantly growing. Whether it’s a vulnerable group of Wildlings or some connected devices, all that are breached become part of an ever-increasing force. The bad guys in GOT have upped their threat level with a dragon, but the good guys still have two. In our world, these “dragons” are a hugely talented security operations team in the SOC and your organisation’s data.

Don’t Underestimate The Enemy

Beyond an almighty malware (dragon) and a strengthening botnet (Army of The Dead), the enemy has other weapons, so now is not the time to underestimate the damage that can be done, much like The Seven Kingdoms, who should be wary of The Mountain (or whatever he’s become). If history is anything to go by, we know he is particularly skilled in brute force attacks, but whilst Bran can use his visions, you can also harness the power of predictions with Machine Learning. Learn from the past and use the right approach to take him/it down before it’s too late (you know, that horrible head/eye thing he seems to love).

Engage Your Response

So your enemy is through the wall, and they used a once-trusted dragon to do it. What do you do next? First, you plan your response. Time to make sure you get your defences (dragons) SOARing to the rescue. All Ghost (Jon Snow’s direwolf) related jokes aside – with Splunk Phantom by your side, you’ll be ready with automated orchestration and response of your forces (and your allies) when something bad does happen.

I mentioned your data as being a key part of your armoury. Giving your security team access to your data metaphorically mirrors Sam Tarly (a member of the Night’s Watch, who wear a lot of black, much like your security team) being in the library of The Grand Citadel. Your ability to investigate, ask questions and make breakthroughs from the data at hand is going to be formative in the battles to come.

Strengthen Your Alliances

Finally, alliances are going to be key; all of the families in Game of Thrones have grouped together in one way or another - it’s just team Lannister that may have to watch out for the insider threat that is Cersei. Today’s shifting and growing threat landscape proves that nobody can do it alone, and for this reason, Splunk has put a huge effort into building many security alliances as part of the Adaptive Operations Framework. If, for example, you’re mobilizing your (IT) forces in the cloud faster than an army of Dothraki, then perhaps one of your most critical alliances could be Splunk and AWS (as illustrated by Shell).

Here’s hoping that the next 6-7 weeks of Game Of Thrones are a lot more exciting than life in your SOC. Enjoy the new series, and as always, thanks for reading.

Matt
