What’s North of the Wall? Why cybersecurity is like Game of Thrones.

Cybersecurity winter is coming

With season 7 about to hit our screens, we thought we’d republish this GoT blog. In the year since the original, tech has continued to look like Westeros, with recent Ransomware further tying cybersecurity back to GoT. Hopefully nobody you knew was taken prisoner by the High Sparrow of Ransomware, locked up until you beg forgiveness and forced to take the naked walk of shame by having to pay the old gods of Ransomware and the new.

If you haven’t ever seen Game of Thrones (GoT) it is the story of politics, war, power, dragons and a growing threat from an army of undead (called the White Walkers) north of a massive wall (according to the GoT wiki it is 300 miles long, 700 feet tall and is made of solid ice).


Let’s start there. Most organizations face a huge, faceless, unknown threat from outside their boundaries. That threat isn’t getting any smaller and is growing more complex every day. In GoT, the wall is manned by The Night’s Watch, a small group of soldiers who wear black. That’s your security team. They probably wear black, may not carry swords but are understaffed and it is their superhuman efforts that keep a company (Seven Kingdoms Ltd) safe.

But they are under constant attack and they know that “winter is coming” (GoT speak for the White Walkers getting through the wall). Your security team knows that it is ultimately impossible to keep them outside the wall forever. You will be breached but what do you do when the threat gets through the wall? Also – what happens when the threat is already inside? One of the recent storyline features exactly that – a traitor from within the Night’s Watch. As with all good dramas, there is also a threat from traitors within. GoT has featured a number of betrayals that lead to unpleasant outcomes. Sadly, the same is true with security breaches. The modern security team needs to use data to find possible insider threats.

In Game of Thrones, there are many different families (protected South of the wall) who make it clear that they don’t get on very well with a lot of battles and infighting. These different families all have their own weapons, tactics and skills (Lannisters have the best resources, Greyjoys have the best navy, the clans of the north are hardy and have the best fighters). These are the different silos and departments inside an organization. Each has its own data, tools and processes.

With the growing threat from “North of the Wall” those different families or departments need to stop the infighting and join together to unite against the common enemy outside their boundaries.


Nobody knows how GoT is going to end but we’re halfway through season five now and the different armies are starting to come together and it seems like we’re lining up for a series of telling battles. Internally, organizations need to combine forces and share their data to deal with an inevitable breach by superior numbers that are constantly growing. This pulling together of allies maps well to Splunk’s Adaptive Response initiative of getting together all your allies (security vendors from across the ecosystem) to fight against the common cause.

A lot of the battles in GoT use traditional forces fighting hand to hand with swords, spears, axes and bows. These traditional forces in the context of security team are your firewall devices, antivirus etc. GoT is starting to feature more advanced weapons and tactics including dragons and visions of the future (you have to watch it). This translates surprisingly well into the advanced weaponry of the modern security team with centralized visibility by collecting all data within an environment – from security systems as well as from non-security-systems, allowing the security team to swoop down and breathe fire on any attackers who’ve breached the wall.

Don't mess with a modern cybersecurity team...

Don’t mess with a modern cybersecurity team…

One of the characters in GoT, Bran Stark, has been in training for a couple of years and can now see visions of the future. In security speak, this is the equivalent of machine learning and the use of predictive, data driven security analytics to see the problems that are going to happen and use that insight to make the right decision to tilt the battle in your favour.

We’ll wait and see how Game of Thrones ends but the enemy is North of the Wall and the best chance of victory is by getting your forces and data together with the right advanced weapons and tactics.

Winter is coming…

As always thanks for reading.






Posted by