Dark Reading is part of the Informa Tech Division of Informa PLC


6/4/2021
10:00 AM
Matt Shea
Commentary

What the FedEx Logo Taught Me About Cybersecurity

Cyber threats are staring you in the face, but you can't see them.

Negative space is not a common term, but if you spend any time studying company logos or graphic design, you will hear it. "Negative space" is the space between and around objects in design. Talented artists look for opportunities to create additional meaning or hide Easter eggs when creating logos, choosing fonts, and spacing letters in the company name. 

One of the more famous examples of negative space is the FedEx logo. The logo's design team realized that by picking a specific font and letter spacing, they could create an arrow between the letters E and X. An arrow is the perfect symbol for a company that's always in motion delivering products to customers. The story goes that at the first design review, only the CEO immediately saw the arrow and the rest of the team missed it. Maybe, even after all these years, you have missed it as well.

Credit: Pixiellogo


Many see what they expect to see and miss what is staring them in the face. Since they aren't viewing things in a full context, people experience something like the FedEx arrow and other negative-space objects as a blind spot. Once someone points out the negative space, people's blind spots usually disappear so that they can see the whole picture.

Cybersecurity vs. the Blind Spots
Cybersecurity is rife with blind spots, but the consequences have more serious impacts than missing a hidden marketing message. In cybersecurity, there is a constant war to find the next attack, whether from financially driven hackers or adversarial nation-states, before it's too late. To counter these attacks, many companies do what they think they are supposed to do: build up a library of known attacks, also called signatures. Then they compare network traffic or event logs to these signatures to try to match previous events to what is happening now on the network.

This approach was somewhat successful initially, but hackers quickly varied their attacks to avoid matching known signatures. The cybersecurity industry responded with pattern matching and complicated attempts to interpolate from what happened to determine whether an attack closely resembles anything seen before. It's a statistical roll of the dice, sometimes using tools such as neural networks.

Pursuing larger and larger signature and rule sets comes with ballooning costs and runtime inefficiencies. Marketing tries to spin this as a good thing, pitching the biggest, largest, or most complex database (or data lake) of past known signatures with a "bigger is better" value proposition. Weekly updates lend even more false assurance that you are constantly protected. 

Zero-Days Undermine the "Bigger is Better" Approach
The problem is that this approach has a blind spot: the bad guys are using adversarial artificial intelligence (AI) to develop attacks that don't match historical signatures in any way and won't be detected by signature or signature-variant approaches.

These novel attacks are exemplified by the SolarWinds attack in late 2020 and other "zero-day" attacks, so called because they are not known before they are put on the threat list. Cybersecurity vendor FireEye said it could not effectively alert on the SolarWinds attack because the hackers "used a novel combination of techniques not witnessed by us or our partners in the past." Therefore, the attack was able to bypass its defenses.

So, how do you find something if you don't know what it, or something close to it, looks like?

Just like the FedEx logo, the answer is staring you in the face. The solution is to change how you are seeing everything you are looking at.

In cybersecurity, this means that to identify threats you've never seen before, you must change how you look for threats. Rather than looking for what you think is an attack, examine everything that is not normal behavior. If you elevate what isn't normal, you will examine all anomalies, including attacks that you have and haven't seen before.

Just like in real life, sometimes seeing an arrow you don't expect will point you in the right direction.
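The contrast drawn above between matching known signatures and examining everything that is not normal, as an added example that is not part of the original article. The events, host and domain names, the signature list and the 3-sigma volume threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (host, process, destination, bytes_out).
BASELINE_WINDOW = [
    ("build01", "updater.exe", "updates.vendor.example", 1200),
    ("build01", "updater.exe", "updates.vendor.example", 1350),
    ("build01", "updater.exe", "updates.vendor.example", 1100),
    ("build01", "git.exe", "scm.corp.example", 5200),
    ("build01", "git.exe", "scm.corp.example", 4800),
    ("build01", "git.exe", "scm.corp.example", 5100),
]
LIVE_WINDOW = [
    ("build01", "git.exe", "scm.corp.example", 5000),       # routine
    ("build01", "dropper.exe", "bad.example", 900),         # matches a signature
    ("build01", "updater.exe", "cdn-sync.example", 1250),   # never-seen destination
    ("build01", "git.exe", "scm.corp.example", 250000),     # unusual volume
]
# Hypothetical signature library of previously seen indicators.
SIGNATURES = {"process": {"dropper.exe"}, "destination": {"bad.example"}}

def signature_hits(events):
    """Indexes of events matching a known-bad process or destination."""
    return [i for i, (_, proc, dest, _) in enumerate(events)
            if proc in SIGNATURES["process"] or dest in SIGNATURES["destination"]]

def learn_baseline(events):
    """Map each (host, process, destination) to its observed byte counts."""
    profile = defaultdict(list)
    for host, proc, dest, nbytes in events:
        profile[(host, proc, dest)].append(nbytes)
    return profile

def anomalies(events, profile, z_limit=3.0):
    """Indexes and reasons for events that deviate from the learned baseline."""
    found = []
    for i, (host, proc, dest, nbytes) in enumerate(events):
        history = profile.get((host, proc, dest))
        if history is None:
            found.append((i, "unseen host/process/destination"))
            continue
        # Guard against zero spread when every baseline value is identical.
        mu, sigma = mean(history), pstdev(history) or 1.0
        if abs(nbytes - mu) / sigma > z_limit:
            found.append((i, "volume outside baseline"))
    return found
```

The signature check flags only the event it already knows, while the baseline check also surfaces the two events no signature describes. Those results are candidates for examination, and they are only as good as the baseline window they were learned from.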

Matt Shea serves as Head of Federal for MixMode, which is a "Third Wave AI" (by DARPA) company with products in cybersecurity. With over 20 years of experience in the technology space, Matt has concepted, architected, and developed groundbreaking solutions that blend ...
 

Comments
John-Roy,
User Rank: Apprentice
6/7/2021 | 6:00:54 PM
My Mantra
What about this quote?

 

there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know.

 

Donald Henry Rumsfeld