Funding vulnerabilities through automated oppo

By: Tim Young

Fair warning: I’m about to make a reference to American electoral politics. But wait! Don’t click away! It’s not what you think. I’ll reference no candidate, successful or otherwise, by name, and this won’t be an article about Wikileaks or hacks by foreign governments or anything like that.

So you can save all of those conversations for your uncomfortable Thanksgiving dinners. I’m talking about something else entirely.

One bright spot about our overly long presidential campaigns is that they can teach those willing to learn about how the system works, warts and all. And one of those little bits of jargon that leapt into certain corners of the American lexicon this year was “oppo.”

Wonkish shorthand for “opposition research,” oppo is, for lack of a better term, dirt. Campaign researchers spend the months leading up to an election digging up and disseminating incriminating details about the lives and careers of their opponents. If they’ve had legal troubles, bad business deals, scandals, bad report cards, or even if their dentist chided them for not flossing properly, skilled oppo researchers should be able to find those details and use them for the sake of political gain.

And there’s nothing surprising about that, right? But the piece that is intriguing is that any campaign worth its salt is also running oppo on its own candidate. If there’s a 33-year-old local news story about the candidate being investigated by the IRS, or if the candidate has a well-known penchant for dirty jokes or a ne’er-do-well cousin, the campaign’s oppo team wants to turn that up before the other guys do.

Identify the vulnerabilities so that they can be resolved, mitigated, or hidden; that’s the goal of internal oppo.

So why bring this up? Because this same impulse—this introspective oppo—is at the heart of one interesting trend in network security.

Know Thyself

The average enterprise uses 75 distinct security products. That’s according to AttackIQ, a San Diego-based startup that exited stealth mode this year. AttackIQ is one of a growing number of companies that have figured out that one way to make sure all of these products and systems are working correctly is to attack them around the clock, 365 days a year.

The firm’s initial product, FireDrill, is a cloud-based offering that allows users to deploy agents, run scenarios, and view a full report of your networks vulnerabilities, all in an automated fashion and without any actual damage done to your network. It’s like having an army of white hat hackers relentlessly scouring for shortcomings in your security, only without bounties or bathroom breaks.


Latest Updates

Subscribe to our YouTube Channel