By Thomas Todt, Senior Sales Engineer
When I was a pupil at secondary school I was not very interested in history or German classes. Sports and Mathematics were the only two subjects I was really interested in.
This has changed since I now have children of my own.
We started listen to Greek mythology CDs during long car rides and, from that moment on, I got access to this wonderful world which was something “unreal” to me when I was in school.
One of my favorite Greek mythology sagas is definitely “the infinite work of Sisyphus”.
You may ask yourself what this has to do with data breaches and having a solution on the horizon that nobody seems to care about or are not able to solve in a realistic way. There are always a lot of excuses but, at the end of the day, it is lack of information about security vulnerabilities that is the main cause of data breaches.
Let’s go back to the myth itself.
Sisyphus (Greek Σίσυφος, Latinized Sisyphus) was King of Corinth and son of King Aeolus of Thessaly. He is said to have lived around 1400 B.C., distinguished himself by great wisdom and contributed much to the increase of Corinth.
Today he is known in Greek mythology as a sinner condemned in Tartarus to an eternity of rolling a boulder uphill then watching it roll back down again.
Sisyphus was a joker, shifty chiseler and the archetype of the humans and gods despicable sinner, who managed several times - by unscrupulous cunning tricks – to escape death. His greatest triumph came at the end of his life, when the god Hades came to claim him personally for the kingdom of the dead. Hades had brought along a pair of handcuffs, a comparative novelty, and Sisyphus expressed such an interest that Hades was persuaded to demonstrate their use - on himself.
Hades was kept locked up in a closet at Sisyphus's house for many years, which meant that during that time nobody could die. Finally Hades was released and Sisyphus was ordered summarily to report to the Underworld for his eternal assignment. But the Sisyphus had another trick up his sleeve. He told his wife not to bury him and to offer no funeral sacrifice for him. But even this paramount trickster could only postpone the inevitable. Eventually he was hauled down to Hades, where his indiscretions caught up with him. As a punishment for his trickery, Sisyphus was made to endlessly roll a huge boulder up a steep hill. Zeus accordingly displayed his own cleverness by enchanting the boulder into rolling away from Sisyphus before he reached the top, which ended up consigning Sisyphus to an eternity of useless efforts and unending frustration. Thus it came to pass that pointless or interminable activities are sometimes described as Sisyphean.
A lot of companies are infected by the “Sisyphean virus” and see vulnerability and patch management as a burden consuming a lot of time, work and efforts to identify what really goes on in their environment in terms of security risks.
They do their own research, like Sisyphus, over and over again by subscribing to newsletters, searching vendor websites, public vulnerability databases and whatever kind of sources.
And this is a never ending story, like with Sisyphus. To get all this done, a lot of resources are needed to cover the complete space, which ends up in a complete mess of information, frustration and not knowing what to do first.
Don’t act like Sisyphus. You may feel that this behavior is dictated - but you as a free, responsible, person could make it much better.
- Rely on professional information from professional research.
- Don’t try to research all on your own. You will end as up like Sisyphus.
- Be proactive rather than reactive by having a continuous stream of vulnerability information available for your infrastructure.
Finally, you will have all vulnerability information available at your fingertips. Just analyze the data, sort it by criticality, define the mitigation path and time of deployment. Done.
If you don’t want to end up like Sisyphus, please contact us. We will be happy to assist you in finding the right solution.