Schrödinger’s Security

“What’s the most you ever lost on a coin toss?” – Anton Chigurh, No Country for Old Men

When you think about your security stack as it exists today, you have to realize that it exists in both a working state and a non-working state. The physicist Erwin Schrödinger devised a thought experiment that illustrates this point well; he created it to explain the nature of quantum theory as it relates to subatomic particles.

Quantum theory states that until a particle is measured and observed, it exists in all possible states. To make this easier to digest, he came up with the following analogy:

A cat is placed into a box together with a radioactive substance that has a fifty percent chance of decaying while the cat is in the box (thus killing the cat). Until the box is opened, the cat exists in both states, alive and dead. It’s not until we open the box that we know the cat’s state.

It’s not until you observe and monitor your security state that you will know where it stands. Think about it like this: if someone came to you today and asked, “Are we protected?”, what would be your reply? Let’s look at some of the possible answers.

Discovery of malicious activity is helpful in showing the value of the stack, but it is not a definitive answer to the question. Remember, we are trying to see whether the cat is alive or dead here. This answer is merely the equivalent of stating that you heard a noise in the box at some point not too long ago; it is not a comprehensive answer.

This answer is a little more concerning to me, but that could be my paranoia kicking in. That concern comes from my understanding of the size of the human attack surface. By (Read more...)

