Pokemon Go and Security: Real-Life Lessons Applied to Software

Tom McLaughlin talks about Pokemon Go, assessing the security risk of unexpected visitors searching for Pokemon, and how it applies to software security.

This tweet got me wondering about parallels between the recent Pokémon GO phenomenon and cybersecurity. Those familiar with the game will be amused at the thought of people showing up at the New York Times to battle fictional creatures on their phones. For those not in the know, this kind of activity can be strange and even unsettling at times. Why are random people coming to my place of business? Who are these people congregating outside my house? And why do I keep hearing someone yell, “Aw man, Magikarp!”

All weirdness aside, how can we relate random people showing up unexpectedly at an office building to the world of cybersecurity?

Pokémon GO is an augmented reality game that turns your mobile device into a portal to another world. Using your phone, you travel around the physical world collecting creatures called pokémon. While capturing pokémon, you check in at landmarks to collect items, stop at gyms to fight and train them, and along the way bump into other players and awkwardly ask if they're playing the game too. (Hoping they know what you’re talking about and don’t give you strange looks.)

Released this past Thursday, Pokémon GO has rocketed to the top of the Apple and Google Play app stores and hit 7.5M downloads by Monday. As you’re going about your regular day, the person next to you may be interacting with the world completely differently and in a way you can’t see and don’t yet understand.

Observe the Situation

In any security scenario, it’s essential that you observe and monitor events. It’s critical that you observe behavior and know the difference between what is expected and what is unexpected. Take note of this scene of a Friday night in a town square:

#PokemonGO is taking over Davis Square #Boston pic.twitter.com/NLLiP3lHyy

— Evan Shortiss (@evanshortiss) July 10, 2016

Seeing this mass of people standing in a large group, it would be natural to question who they are and what they’re doing. The local pharmacy isn’t usually this happening on a Friday night. So you make a few observations based on questions like the following:

  • What are the ages of the people? Are the people similar in age?
  • What is the typical traffic flow for the area? Is anything abnormal?
  • Where do people typically congregate? Is what we’re seeing tonight abnormal?
  • What relationship do the people have with their devices? Are they preoccupied with them?
  • Are individuals off on their own, or have they formed small groups?

Asking critical questions like these is the first step to understanding an event. At this point, we have observed the scene, and by asking key questions, we have developed a detailed picture of what is going on. Before we can act, however, we need to do a threat assessment.

Perform a Threat Assessment

It’s natural at this point to want to act. Something is happening, and it needs a response. However, until you know more, how can you react appropriately? You’re likely to underreact and place your organization at risk, or overreact, which will eventually lead to alert fatigue.

Pokemon Go app prompts 'suspicious persons' calls for police https://t.co/ktCIxSIMte

— WCVB-TV Boston (@WCVB) July 11, 2016

You must be able to accurately distinguish between benign behavior and malicious behavior in order to act effectively.

In this case, once you’re able to classify the people as Pokémon GO players, it’s easy to realize that they’re benign:

So many Pokemon trainers in downtown Malden right now. #PokemonGO pic.twitter.com/2dk2e57LkN

— Dylan Martin (@DylanLJMartin) July 9, 2016

Or, the individuals could be an annoyance as they congregate at your business and potentially obstruct your paying customers:

.@threatstack favorite @bluedragonbos is also a #PokemonGO stop. Catch the fried chicken or pokemon. /@chefmingtsai pic.twitter.com/xPbKlp8PWZ

— Tom McLaughlin (@tmclaughbos) July 11, 2016

At worst, they could be criminal trespassers:

I'm sure the @USCG would appreciate us not walking into base to get Poke balls. #Boston #PokemonGo pic.twitter.com/mXg1OLt4DM

— Tom McLaughlin (@tmclaughbos) July 10, 2016

Context — a detailed picture of the event — is the key to determining whether the behavior you’re seeing is a threat or not, and it helps you determine the level of response to employ. A group of adults clustered in a children’s park, talking on their phones, isn’t necessarily a threat, even though it might not be everyday behavior. In contrast, a group roaming a Coast Guard base at night would require a much swifter and more thorough response.

Take Action

Once you’ve made a threat assessment, it’s time to act — or not act. How many Pokémon GO players might have been spared a visit by the police if those around them had just watched the 11 o’clock news (i.e., critically observed the situation and completed a threat analysis)?

If it is time to act, then choose the correct approach. Do the police need to be called, or is a quick conversation enough to resolve the alert? Think about whether you would wake people up to escalate an overnight alert or leave the situation for follow-up the next day. Use your best judgement. Once you have a response, make the action repeatable.

For issues that require no intervention, adjust your monitoring to prevent the issue from interrupting someone in the future. Don’t bother responders when nothing needs to be done, or you’ll risk alert fatigue and desensitize them to situations that do require action.

Pokémon GO and Security

So what did we learn from Pokémon GO? When observing a new and unexplained situation, it’s important to assess the situation accurately so you can respond appropriately. When you notice a new phenomenon, it’s critical to first observe — to build a complete understanding of what’s happening. Next, build a threat assessment by gathering details and developing a context that enables you to attach a why to the what that is happening. And then respond appropriately.

Finally, remember this: Threats evolve just like pokémon do! Make sure you’re always training and leveling up to master threats.

Topics:
performance, security, assessing threats

Published at DZone with permission of Tom McLaughlin, DZone MVB. See the original article here.
