Security Lessons from Nature – Smart Crabs

Crabs have claws. Some of them have ridiculously oversized claws, some are stronger than the jaws of a wolf and some can give you wicked papercuts.

However, there are a few crabs that just don’t think that’s good enough. Instead, they pick up anemones and carry them around. Since anemones have tentacles, the crabs look a bit like high school cheerleaders carrying pompoms, but they don’t mind. After all, it’s a great defense. An attacker girds itself to fight against pinching and instead it gets a face full of stinging pain… quite the surprise.

Businesswise, it would be pretty ineffective if you have your employee carrying around anemones. Not only would it make typing difficult, but they would also have to kept underwater, which might present issues with keyboards. Instead, the lessons are, I think, misdirection and non-localized advantage.

Your business has a brand, so an attacker would naturally expect that a defense would match what your company is best at. For example, if you make surveillance cameras, one might expect that your network is well watched, but perhaps not well protected in other ways. So, if an attacker can manage to encrypt traffic or otherwise hide what they are doing, they can likely expect a fairly easy time of it. However, if you manage to partner with a company that produces a more active defense, such as HIPS, an attacker may find themselves blocked, traced and served with a face full of stinging tentacles (or a lawsuit… the modern equivalent).