by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Mar 25, 2019

Some aspects of info security haven't changed much in theory.

You may be interested to know that almost every modern cybersecurity technique in use today is based on methodologies developed and used thousands of years ago. So, in the spirit of "those who don't know their past are doomed to repeat it," let's look at how modern cybersecurity has evolved from a stick and parchment paper.

Information Security Before Computers

For millennia, the basic concepts of cyber security have been deployed to protect information assets, almost always for military applications. From antiquity up to the dawn of computing, the following techniques were used:

  • The Spartan Scytale: Around 600 BC, Spartans used a process that consisted of a leather strap wrapped around a wooden rod. The letters on the leather strap are meaningless when it's unwrapped, and only if the recipient has the correctly sized rod does the message make sense.
  • The Caesar Cipher: Julius Caesar is credited with a type of substitution cipher in which each letter in the plaintext is 'shifted' a certain number of places down the alphabet. For example, with a shift of 1, A would be replaced by B, B would become C, and so on.
  • The Playfair Cipher: In 1854, Charles Wheatstone invented this cipher, which is a digraph substitution. It employs a table where one letter of the alphabet is omitted, and the letters are arranged in a 5x5 grid. Typically, the J is removed from the alphabet and an I takes its place in the text that is to be encoded.
  • The Enigma Machine: In 1918 a German engineer named Arthur Scherbius developed this for World War I as a combination of mechanical and electrical subsystems. The mechanical subsystem consists of a keyboard; a set of rotating disks called rotors arranged adjacently along a spindle; one of various stepping components to turn at least one rotor with each key press, and a series of lamps, one for each letter.

Outside of military applications, the use of ciphers became a critical foundation for computing security.

Information Security in the Computing Age

The introduction of network-based computers created a new set of problems for encryption: specifically, how to share data while maintaining security, yet still allow both the sending and receiving parties to encrypt and decrypt the data. Enter the Diffie-Hellman Key Exchange.

The Diffie-Hellman Key Exchange “is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.” For a more complete definition of how this cipher works, check out Hackernoon.com’s article titled “Algorithms Explained: Diffie-Hellman.”
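The "creating a key together" point can be seen in a short exchange where only public values cross the wire. This is an added example, not from the original article or the Hackernoon piece; the `Party` class, the `exchange` helper and the group parameters are assumptions chosen for illustration, and the group is far too small for real use.

```python
import hashlib
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime, but real
# deployments use standardized groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1
G = 3

class Party:
    def __init__(self, p=P, g=G, private=None):
        self.p, self.g = p, g
        # The private exponent never leaves this object.
        self._x = private if private is not None else secrets.randbelow(p - 3) + 2
        self.public = pow(g, self._x, p)      # the only value sent to the peer

    def shared_secret(self, peer_public):
        # Reject degenerate values that would force a predictable secret.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("degenerate peer public value")
        return pow(peer_public, self._x, self.p)

    def session_key(self, peer_public):
        # Hash the raw secret to get a fixed-length symmetric key.
        s = self.shared_secret(peer_public)
        return hashlib.sha256(s.to_bytes((self.p.bit_length() + 7) // 8, "big")).digest()

def exchange(p=P, g=G, a=None, b=None):
    """Run one exchange; `wire` holds everything a passive observer can see."""
    alice, bob = Party(p, g, a), Party(p, g, b)
    wire = {"p": p, "g": g, "A": alice.public, "B": bob.public}
    return alice, bob, wire

if __name__ == "__main__":
    alice, bob, wire = exchange()
    print("observer sees:", wire)
    print("keys match:", alice.session_key(wire["B"]) == bob.session_key(wire["A"]))
```

The exchange as shown is unauthenticated, so real protocols sign or otherwise authenticate the public values to stop an active attacker from substituting their own.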

The First Global Cat and Mouse Game

The introduction of the computer and, more specifically, the global reach of the internet made it possible for creative individuals to wreak havoc. An article titled “The History of Cyber Security — Everything You Ever Wanted to Know” describes the first recorded malicious code to have broad-reaching impact, in 1971:

“The history of cyber security began with a research project. A man named Bob Thomas realized that it was possible for a computer program to move across a network, leaving a small trail wherever it went. He named the program Creeper, and designed it to travel between Tenex terminals on the early ARPANET, printing the message ‘I’M THE CREEPER: CATCH ME IF YOU CAN.’”

The article goes on to describe the first cybersecurity tool responsible for cleaning up the mess left behind by malicious code:

“A man named Ray Tomlinson (yes, the same guy who invented email) saw this idea and liked it. He tinkered with the program and made it self-replicating—the first computer worm. Then he wrote another program—Reaper, the first antivirus software—which would chase Creeper and delete it.”

For the next 48 years, cybercriminals and cybersecurity professionals have played a cat-and-mouse game, dancing between what is secure and what becomes available for malicious use.

The Future of Information Security

The only way to prevent damage from cybercriminals and malicious code is to prevent the attack from even occurring. So the only way to go is to consider only solutions that use deep inspection and analysis methods that can interpret and detect malicious code in real time and immediately block threats, preventing unwanted code from affecting your IT infrastructure.

Your solution should ensure that every line of code is evaluated, making evasion techniques ineffective. The bottom line is that your organization will be protected from attack-for-hire services.
