Werner Schmidt
Enterprise Networking and Security Expert

Bruce Lee Style Security

The highest technique is to have no technique. My technique is a result of your technique; my movement is a result of your movement.”
– Bruce Lee

I find that quote telling for where we ought to be in security now. We still build walls and people learn how to get around the walls. Worse yet, we use brute force to prevent attacks but with DDoS (Distributed Denial of Service) we can’t always build walls strong enough to sustain an attack.

Years ago, I studied some martial arts. It was while my kids were growing up and it looked interesting. I stayed in a while and progressed. At first I was real clumsy, then I started to learn techniques but struggled remembering the sequence. When I eventually left, I was just starting to get to a naturally reactive state. I like this description of cultivation from Bruce Lee.

The Three Stages of Cultivation - The first is the primitive stage. It is a stage of original ignorance in which a person knows nothing about the art of combat. In a fight, he simply blocks and strikes instinctively without a concern for what is right and wrong. Of course, he may not be so-called scientific, but, nevertheless, being himself, his attacks or defenses are fluid. The second stage—the stage of sophistication, or mechanical stage—begins when a person starts his training. He is taught the different ways of blocking, striking, kicking, standing, breathing, and thinking—unquestionably, he has gained the scientific knowledge of combat, but unfortunately his original self and sense of freedom are lost, and his action no longer flows by itself. His mind tends to freeze at different movements for calculations and analysis, and even worse, he might be called “intellectually bound” and maintain himself outside of the actual reality. · The third stage—the stage of artlessness, or spontaneous stage—occurs when, after years of serious and hard practice, the student realizes that after all, kung fu is nothing special. And instead of trying to impose on his mind, he adjusts himself to his opponent like water pressing on an earthen wall. It flows through the slightest crack. There is nothing to try to do but try to be purposeless and formless, like water. All of his classical techniques and standard styles are minimized, if not wiped out, and nothingness prevails. He is no longer confined.

As quoted in The Art of Expressing the Human Body (1998) edited by John R. Little, p.108-109

As I look at the security field, I see the same evolution. Not too long ago, security was in the primitive stage and frankly still is in a lot of organizations. With more robust solutions, we’re closer to the stage of mechanical or sophistication stage, but that’s about as far as we are. We need solutions to be more spontaneous and adaptive that yield, redirect and elude the enemy.

We are starting to see that, but only the early stages. Application firewalls are a great example, we offer industry best solutions for web servers and Oracle servers that are in the sophistication stage. We also now carry what I believe is the first example of spontaneous security for public facing web servers that are adept and react differently to threats based upon the perceived skill of the attacker. These tools assess the quality and skills of the opponent through ever greater challenges and elusion. I’m excited, it’s where I think security needs to go and be. If you have a critical web based application that deals with confidential information, fiscal or health related transactions or just needs to remain up and secure to advanced threats, please give me a call so we can demo the latest advancements in this arena. These are offered as virtual appliance solutions.