Threat agents maintain the initiative and we respond to restore balance. The bad guys innovate, find exposures, and use technology which they can leverage to achieve their objectives. They take the first step, set the tempo, and lead this wicked dance. The security industry normally operates in a responsive manner, closing the door behind successful attacks to prevent further loss and scrambling to prepare for the next issue. But every once in a while, the security community comes up with a predictive and proactive idea which has sweeping effects against attackers and their likely future methods, and we show true leadership in innovation.
These golden nuggets can change the initiative and give an advantage to the defenders. Sadly, it is rare. In most instances it is difficult to justify expenditures for capabilities which may or may not interdict future potential attacks. Our industry cannot confidently measure and substantiate such innovation to determine which ideas will leapfrog us ahead of the bad guys and which will fail miserably. Without clear value, those holding the purse strings are not very motivated to blindly invest. It reverts back to the age-old security problem of measuring attacks which are avoided.
How will we ever change our industry to support security taking back the initiative? First we must devise a good way of measuring innovation. We have much better metrics for how well the bad guys succeed, and are blind to how to measure the value of security ideas. This must change in order to facilitate the financial support necessary for investment. The value is there; we must adjust our focus to see the opportunity. Otherwise, the enemy will maintain the advantage as we continue to follow behind the attackers, cleaning up messes, and forever responding to their ingenuity.