Call of Duty remains one of (if not THE) most popular first-person shooter games currently available. However, what would you say if I told you that a video game can actually teach you lessons in cyber security, in particular the concept of defence in depth (aka layered security)?
In this post we explore how ‘Call of Duty: WARZONE’ is a virtual analogy of using multiple tools and techniques (or weapons and perks) to provide strength in your game and cyber security strategy.
WARZONE is a massive multiplayer game mode where 150 people battle in teams to become the last team standing. The battle royale-themed virtual experience takes place on a city-sized map with hospitals, stadiums and farmland where players can hide or battle other teams in vicious gunfights. There are a couple of terms you’ll need to know:
Weapons: The guns, rifles and explosives you use to battle other players.
Perks: Certain settings that enhance your in-game ability. (e.g. Getting notified when another player can see you.)
Loadout: A combination of weapons and perks you can use to strengthen your gameplay.
Defence in depth is a term bandied about within the InfoSec industry in recent years. The Wikipedia definition of the term:
“Defence in depth is a concept used in Information security in which multiple layers of security controls (defence) are placed throughout an information technology (IT) system” (Wikipedia)
In simple terms, the idea is that you can have a firewall, antivirus and intrusion detection/prevention systems placed in the appropriate areas of your environment to give optimum protection. You can procure these solutions all from one vendor, yet I would argue that this is not, in fact, defence in depth.
I know what you’re thinking… How on earth do these two topics link together!? Well, let me explain.
It is all too common in InfoSec that a vendor has a solution for every area of protection, from endpoint to web proxy to perimeter firewall and so on. Vendors will often urge you to invest in the whole suite of products, promising simplicity, harmony and the best protection possible.
This is the same as having everyone in your WARZONE team running the exact same Loadout. You may all have the same firepower and perks. However, if there is one weakness in the loadout, then the whole team is weaker than the opponents (or in parallel the cyber threat actors).
In my opinion there is a fine balance between consolidation of cyber security solutions and a diverse use of protections. Each vendor has its own expertise and prime solutions in which it performs best, while its other products may not get the same focus that another vendor or technology may offer.
A simple strategy here may be to break down your defences (e.g. Endpoints, Network Perimeter, Web Access, IDAM etc.) and place in each area the best solution that your budget and overall business strategy can support. The idea is to use the “gold standard” technology in each area, rather than placing all your eggs in one basket with one provider.
An example of this may be to use CrowdStrike as your endpoint protection, Palo Alto as your perimeter firewall and Cisco Umbrella as your Web Proxy. You could even use the likes of Digital Shadows or FireEye for Threat Intelligence, tying it all together.
Drawing a parallel back to WARZONE, if each team member operates a different Loadout for all the potential scenarios you may encounter in battle, then you are far more prepared to win.
For example, one player may have a loadout with a Rocket Propelled Grenade (RPG) for mass damage, another with a sniper rifle for long distance, and a couple of players using the best assault rifles and perks for close range squad battles.
You can see that with this strategy your team can handle many scenarios.
Cyber Threat Actors (Hackers) will use reconnaissance techniques to understand your environment and identify a weakness and an attack vector they can exploit to gain a foothold and persistence in your networks.
Having a strong cyber security strategy that uses Defence in Depth across technology providers will ensure that bypassing your controls is that little bit harder for an attacker and (more importantly) easier to detect. Much like having mixed Loadout settings in your ‘Call of Duty: WARZONE’ squad will allow you to defend and wipe the virtual attackers you encounter.
So, there you go! By playing too much WARZONE in lockdown, I have been able to draw a parallel between a video game and cybersecurity. Maybe I need to stop… I hope you have learnt something in this post and don’t forget to check out the HACKABLEYOU Podcast for more discussion!