In 2002, Defense Secretary Donald Rumsfeld gave a speech about a lack of evidence linking the government of Iraq with the supply of weapons of mass destruction to terrorist groups. This speech was remarkable for one thing only, that being the inclusion of the phase “known knowns, unknown knowns, and unknown unknowns.” These concepts finally entered common parlance. True, those in the security arena, both physical and logical, already knew and understood the terms, but now laypeople did as well.
Let me explain myself. In the IT security world, people concern themselves with known knowns, known unknowns, and unknown unknowns all the time, and each area has its security tool of choice. For example, known knowns—worms, viruses, Trojans, and other malware and vulnerabilities we are aware of—are dealt with by firewalls, IPSes, IDSes, and antivirus software. The rules of firewalls and IDS and IPS products, coupled with the signatures of antivirus tools, deal with those issues that are known. For example, firewall rules allow only the traffic that is allowed to travel to navigate the network, and antivirus rules look for particular code patterns and vaccinate and protect against them. Known unknowns are dealt with by heuristic scanning and education. It is the altogether more difficult unknown unknowns that give IT security professionals sleepless nights.
Previously published on TVP Strategy (Virtualization Practice)
——- Read More ——