"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man."
George Bernard Shaw
The response to my most recent post has been intriguing insomuch as it was completely predictable and expected (though nonetheless disheartening). The few people who've commented have generally said things like "unrealistic" and "unimplementable" and "already been done, failed." Ironically, none of these criticisms are true, nor are they even necessarily knowable. Sure, there have been other attempts at strict compartmentalization (see Qubes OS), but those attempts aren't a true analog for what I suggested. I digress...
The purpose behind my post here is twofold. First, framing problems is imperative to solving them. Frame a problem in the wrong way and you'll either find no answer, or worse, you'll find a woefully inadequate (or even regressive) answer. Second, we as an industry need to stop being total a**holes when presented with new ideas and open our minds to future possibilities. There's nothing worse than hearing about a new approach, idea, technology, whatever, and immediately responding negatively. What's up with that? Rude, to say the least. Again, I digress...
Framing problems is really what I want to talk about today. The ability to shift our thinking to alternative viewpoints is incredibly critical when thinking about how to solve various problem states. In the example of my endpoint security post, the shift in thinking is to realize once and for all that the current framing of the problem makes it unsolvable. We have ample history now to clear demonstrate that how we're attacking (traditional OS) endpoint security simply isn't reasonable, rational, or pragmatic. As such, time to pivot.
How do we then pivot our thinking? A phrase I've been known to use is this: "If the game can't be won, then it's time to change the rules of the game." Think about gambling. Have you ever watched (or even played) a game of Craps? Have you ever taken a look at the rules of the "game"? You know you've found a truly lousy way to gamble with your money when the game requires such extensive rules just to make it appear "fair." If you've ever wondered at the phrase "the house always wins" - one need only look at Craps to see that truth.
Endpoint security is, in many ways, like Craps, except with the odds shifted in favor of the attacker (the House) and away from the defender/user (the player). Why do we knowingly put up with such stacked odds? Do you really enjoy living on luck? Look at the rapid spread of ransomware in the past couple months. We are absolutely, positively, and fundamentally losing the endpoint security battle. Should we keep fighting on in the same manner? Isn't that the definition of insanity? I think so...
How, then can we frame the problem in a more favorable manner? Quite simply, by changing the rules of the game; or, as I'm also fond of saying, it's time to "unbalance the equation." That, dear reader, was the point of my post on endpoint security earlier in the week.
Yes, Absolutely, Change the Question!
The security industry in general has fallen into a rather dangerous rut these past many years. Organizations quite unwittingly seem to continue to buy into hyped pitches that, no really, this time, doing the same old same old, it'll actually make a difference (no it won't). In fact, it's almost insulting how naive we buyers seem to be, as we continue to give vendors vast amounts of money for selling the same old broken garbage that isn't solving the problem.
I want to solve problems. I want to view things differently. I want to look at the problem - the actual core problem - and then change the rules of the game so that we can actually win it. Wouldn't that be nice for a change? I think so.
And so it is that we must fundamentally change the questions being answered. It is imperative that we endeavour to define a problem state in such a manner that a reasonable solution can be developed. It's time to quit sandbagging as an industry and start pushing for realistic differences.
Despite the somewhat ranty nature of this post, I want you to have one key takeaway here: We cannot continue to throw "solutions" at poorly framed problems. The answer to a flat tire on your bike due to a ruptured tube is not to continue trying to pump air into it. Nor do you necessarily go out and buy a brand new bike simply because you got a flat. Nor do you take the flat tire and put it onto a different bike in hopes that it will somehow magically fix the flat.
Frame your problems. Frame them in a manner that is solvable. If you find that the problem as defined is seemingly unsolvable, then change the problem state! Figure out where the fault is! Don't simply accept "no viable solutions" as an answer. Demand better answers and provide better questions!
And if you're having difficulty re-framing a problem in a more solvable manner, please, contact me, because if there's one thing I really love doing, it's helping frame/re-frame problems until I can find something that's solvable.
Good luck to you all in your problem solving! May your confirmation bias not cloud your judgment, and may you seek out many perspectives to help you see more clearly.