The Perfect Cybersecurity System is … The Human Body

Photo by Joel Ambass on Unsplash

Let’s create the perfect cybersecurity system. It will have natural physical defences against attacks, will filter out the good content from the bad, and will have defined entry and exit points which are patrolled on a regular basis. The rest of the perimeter will have strong physical defences and patrols to detect any serious breaches. It will then defend against all the previously known attacks on the system by using detection agents, and will then deploy specially created attack entities which know exactly how to disarm and permanently delete any offending entities. There will be no hiding places for the attackers, as our defenders will search every place within the infrastructure.

And when new types of attack occur, the system will detect them when they show the signs of causing damage, put up a mighty fight against the new attacker, and win. In the battle we will lose some of our defences, but, in the end, all of the invaders will be killed off, even when they hide in valid-looking content. The battle will continue until every single invader has been removed, and we will have new fighters which are specially created for the newly formed attack. The system will then remember these attacks, regroup the newly created fighters whenever required, and kill off the attackers whenever they arrive with their next attack.

The system we have described is … the human body. The most amazing engine ever created on the planet! If we add the way that our human brain helps us avoid external threats, we have a machine that can work for decades and sustain very little long-term damage. Of course, we become ill whenever we are fighting off a new invader, but our bodies will hopefully win out in the end.

Towards the human body

In a perfect cybersecurity world, we would have an infrastructure which mimics the human body. Our body has natural defences — such as our skin, our nose and our throat — which do a good job in holding back foreign invaders. If an invader does manage to get in, we have mechanisms to detect that something is doing our body damage, and these then get killer cells to remove the invader. Once we have successfully defended against the invader, our body remembers it, and can easily defend against the threat whenever it occurs again. Firewalls, proxies and gateways are thus the front-line defenders for our networked infrastructures, while Intrusion Detection Systems (IDSs), sandbox evaluators and network sensors are our way of detecting maliciousness. We then create signatures to detect future occurrences and immunize using patches to our virus scanners.

Patrolling for invaders

In the human body, the immune system continually patrols for invaders, and for things that could cause disease. The most important part of this is the white blood cells (leukocytes), which are the detectors and the defenders against foreign intruders. These cells are created and stored in areas such as the thymus, the spleen, and the bone marrow. They flow through organs within lymphatic vessels and blood vessels. We typically classify them as either phagocytes — which are attackers against invaders — or lymphocytes — which have a memory of the foreign intruders and can also destroy the invaders in an effective way. A virus scanner can be likened to these white blood cells, in that it can detect a known signature of a malicious entity and remove it, but virus scanners struggle to detect new types of attack.

The one thing that your body can do effectively is to detect when damage is being done. This happens when we are infected with a flu virus and the virus grows within our cells. When its growth causes the cells to burst, the activity is detected and the lymphocytes move in. The damage that your body receives when you have the flu relates to it defending against the virus while also killing off some of your body's own cells.

Phagocytes and lymphocytes

There are several different types of phagocytes, each with a given role. One example is the neutrophil, which helps fight bacteria. A blood test which identifies a relatively high level of neutrophils in a person could indicate a bacterial infection. With lymphocytes, we have B lymphocytes and T lymphocytes. These are created in the bone marrow and will either stay there to mature into B cells or leave for the thymus gland, where they mature into T cells. B lymphocytes are equivalent to the body’s intelligence function and seek out targets. When a target is detected, they send out for T cells to come and destroy the invaders that they have identified. If the invaders — known as antigens — are recognised from the past, the B lymphocytes create antibodies, which are specialized proteins that are designed to lock onto a specific antigen. This means that someone who has had measles will be able to fight it off again, as their body can produce the required antibodies. The antibodies thus lock onto the antigen, and it is then up to the T cells — the killer cells — to actually kill the invader. The process by which the body becomes unable to be re-infected is known as immunization, and it protects the body from being re-infected at a future time. The T cells can also help phagocytes in killing invaders.

Immunity

Immunity can be innate, adaptive, or passive. Innate Immunity is something we are born with, such as coping with germs that affect other animals. Humans, for example, are not affected by illnesses that their pets suffer from (such as cat flu). Our first-line defence systems — such as the skin, nose, gastrointestinal tract and throat — also do a good job in filtering out many of the invaders. These are like network firewalls, which aim to filter out anything that is obviously malicious, such as a private IP address appearing on an external firewall interface.

Adaptive Immunity

With Adaptive Immunity, we develop our immunity over time, creating lymphocytes which can identify previous threats (either from a real attack or through vaccination). This type of immunization is similar to malware signatures being added to network firewalls, where the signatures are created by taking a snapshot of the malicious software. This might involve a network sensor detecting malicious activity, such as the encryption of files on a host without permission, and then updating our firewall rules to detect and block future infections.

With Passive Immunity, we inherit immunization, such as when a baby gains temporary immunity through the mother’s breast milk. Again, this can be likened to the sharing of malware signatures between network firewalls. The problems of immune systems include cases where the immune system overreacts to an antigen (allergic disorders) or where the immune system attacks its own body (autoimmune disorders). Within cybersecurity, the allergic disorder could equate to overreacting to the spread of ransomware by quarantining any encrypted content on hosts. For autoimmune disorders, the information system could end up deleting valid network packets in order to remove malicious ones.
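
The innate, adaptive and passive layers described above, modelled as a small sensor (an added example, not code from the original article). The class and function names, the 20-event threshold and the sample payloads are constructed for illustration.

```python
import hashlib
import ipaddress

# Constructed threshold: file-encryption events on a host before we call it damage.
ENCRYPT_THRESHOLD = 20

class ImmuneSensor:
    """Toy model of innate, adaptive and passive immunity for a network sensor."""

    def __init__(self):
        self.signatures = set()  # SHA-256 digests of payloads already seen doing damage

    def innate_drop(self, src_ip, interface):
        """Innate: a private, loopback or link-local source on the external interface is dropped."""
        ip = ipaddress.ip_address(src_ip)
        return interface == "external" and (ip.is_private or ip.is_loopback or ip.is_link_local)

    def known_bad(self, payload):
        """Memory: exact match against a previously learned signature."""
        return hashlib.sha256(payload).hexdigest() in self.signatures

    def observe(self, payload, encrypt_events):
        """Adaptive: damage is detected from behaviour, then remembered as a signature."""
        if self.known_bad(payload):
            return "blocked-by-signature"
        if encrypt_events >= ENCRYPT_THRESHOLD:
            self.signatures.add(hashlib.sha256(payload).hexdigest())
            return "blocked-by-behaviour"
        return "allowed"

    def inherit(self, peer):
        """Passive: take on the signatures another sensor has already learned."""
        self.signatures |= peer.signatures

def demo():
    a, b = ImmuneSensor(), ImmuneSensor()
    sample = b"constructed-sample-v1"  # constructed payload, not real malware
    results = {
        "spoofed": a.innate_drop("10.1.2.3", "external"),
        "public": a.innate_drop("8.8.8.8", "external"),
        "first": a.observe(sample, 35),   # caught only once damage is visible
        "repeat": a.observe(sample, 0),   # remembered, caught before any damage
        "peer_before": b.known_bad(sample),
    }
    b.inherit(a)
    results["peer_after"] = b.known_bad(sample)
    results["variant"] = a.observe(b"constructed-sample-v2", 0)  # no signature yet
    return results
```

The `variant` result is the limitation noted earlier for signature scanners: an unseen payload passes the signature check and is only stopped once its behaviour crosses the damage threshold.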

Conclusion

In Cybersecurity, we need to monitor both internal and external threats. Increasingly, we must use machine learning to learn new threats and immunize against them. Please take care of your body; it is the most amazing thing ever produced on this planet, so don’t waste the opportunity. If you have time, go and exercise your brain, and learn something new.