Crypto Anchors: Exfiltration Resistant Infrastructure

228

Lately, I’ve been thinking a lot about a concept that Nathan McCauley and I came up with a few years ago: crypto-anchoring—and how much impact this kind of architectural decision could have in the breaches that we’ve been experiencing lately.

It turns out that the vast majority of data breaches follow a pattern like this:

  • An attacker hacks into company X’s infrastructure.
  • The attacker exfiltrates sensitive content (hashed passwords, etc.).
  • The attacker has fun with the data at home (password cracking, etc.).

And even though there are thousands of different security products focused on detecting each step of the attacker killchain, it’s time that we start architecting our applications in a way that makes it harder for attackers…

Read more at Diogo Monica‘s blog