Negative Security Model

  • Link11-Team
  • April 24, 2025

Cybersecurity is a complex field that requires constant attention: keeping current on a myriad of evolving attack types, selecting and adopting constantly changing technology, and so on. The need to stay up to date even extends to the choice of a security model, such as a negative security model.

The traditional approach to cybersecurity has been based on a Web Application Firewall (WAF), and historically WAFs have used a negative security model. Throughout the years, negative security has served an important purpose, but today positive security models and even hybrid models are getting more attention.

But what is a negative security model, and is it still worth pursuing for your cybersecurity strategy?

What Is the Model All About?

A negative security model assumes that:

  • Most web traffic is benign.
  • Web traffic that is not benign can be identified.

The model allows all HTTP/S requests to go through by default. Requests are not disallowed unless they are identified as being hostile.

This is why the negative security model is sometimes referred to as a “blacklist” model. With it, it is necessary to blacklist undesirable traffic; you must define threat signatures and other means of identifying hostile traffic before that traffic can be blocked.

Advantage of a Negative Security Model

The negative security model is still praised by some IT experts because of its simplicity and its effectiveness. It can protect against a wide variety of online threats, and you can set rules for blocking traffic based on known parameters for hostile and suspicious requests. And because most WAFs work at least partially by using negative security, it is easy to set up and implement.

Disadvantage of a Negative Security Model

That said, the model also has some disadvantages, and on its own it is no longer adequate for a comprehensive security plan today.

For example:

  • Insufficiently robust blacklisting criteria. The modern threat environment includes some very sophisticated forms of attack. Some security solutions do not offer sufficient flexibility for defining threat signatures. Simple rules can catch the most obvious threats, but an overly simplistic approach will leave security holes.
  • False negative alarms. In cybersecurity, there are two types of false alarms: false negatives and false positives. When a negative security model fails to correctly detect a threat, this is a false negative alarm, which potentially allows an attacker to cause massive damage.
  • Susceptibility to novel approaches. New or creative forms of attack will often evade detection.
  • Weaknesses to certain types of attacks. Many web security admins rely on the Open Web Application Security Project (OWASP) Top 10 for guidance on the most critical web application security threats. On that list, you’ll note the presence of multiple types of attacks that can’t be prevented with a negative security model, including broken access control and cross-site scripting.
  • Administrative burden. New threats are constantly emerging. For a negative security model to remain effective indefinitely, its blacklisting rules must be updated frequently. This administrative burden can be heavy.

Is a Positive Security Model Better?

Because of the disadvantages above, it’s tempting to think that the positive security model is inherently better than the negative security model. But while the ‘whitelisting approach’ compensates for many of the negative security model’s weaknesses, it also comes with some downsides of its own.

For example:

  • Costs and complexity. The positive security model is strong and robust, in part because of how meticulous and complex it is, but of course that complexity comes with a cost. It is typically much harder, more time-intensive, and therefore more expensive to deploy. Rather than defining threats, an admin is tasked with defining what constitutes normal traffic, which can be very difficult.
  • Not as widely available. While some next-generation WAFs include a positive security model, not all of them do.
  • False positive alarms. It is also common for positive security models to generate false positives frequently. A false positive alarm means the system incorrectly identifies normal traffic as a threat. The consequences of false positives are usually not as severe as those of false negatives, but they can still be damaging.
  • Possible inefficiency. Sophisticated and creative cyberattacks are dangerous, but many threats are predictable and common. For these, a positive security model might seem to be a waste of time and effort.

The Hybrid Model

As we’ve seen, while the negative security model is highly effective in some regards, it also has critical limitations that could render your organization vulnerable to external threats. At the same time, while a positive security model has distinct advantages, it’s also much harder and more resource-intensive to implement.

The best approach is therefore to pursue a hybrid security model. A negative security model can provide a first line of defense, identifying and defeating the most obvious threats. Then a positive security model can catch the new or more sophisticated threats that slip through.
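The three models described above, reduced to a small request filter as an added illustration (this is example code written for this page, not a Link11 product or any real WAF). The endpoints, signatures, schema and sample requests are all constructed; the four samples show a benign request, a request a blacklist signature catches, an unknown endpoint the negative model lets through (a false negative), and an unusual but legitimate request the positive model rejects (a false positive).

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse


@dataclass
class Request:
    method: str
    path: str
    query: dict  # parameter name -> first value

    @classmethod
    def from_url(cls, method, url):
        parts = urlparse(url)
        params = parse_qs(parts.query, keep_blank_values=True)
        return cls(method, parts.path, {k: v[0] for k, v in params.items()})


# Negative model: default allow, block only when a known-bad signature matches.
SIGNATURES = [re.compile(r"<script", re.I), re.compile(r"\bunion\s+select\b", re.I)]


def negative_decision(req):
    for value in req.query.values():
        if any(sig.search(value) for sig in SIGNATURES):
            return "block"
    return "allow"          # anything the blacklist does not describe passes


# Positive model: default deny, allow only endpoints and parameters the schema defines.
SCHEMA = {
    ("GET", "/search"): {"q": re.compile(r"[\w ]{1,64}")},
    ("GET", "/product"): {"id": re.compile(r"\d{1,9}")},
}


def positive_decision(req):
    params = SCHEMA.get((req.method, req.path))
    if params is None or set(req.query) != set(params):
        return "block"      # unknown endpoint, missing parameter or extra parameter
    return "allow" if all(params[k].fullmatch(v) for k, v in req.query.items()) else "block"


def hybrid_decision(req):
    # Cheap signature check first as the first line of defense, then the schema check.
    return "block" if negative_decision(req) == "block" else positive_decision(req)


# Constructed sample traffic (hypothetical endpoints).
SAMPLES = {
    "benign": Request.from_url("GET", "/search?q=red+shoes"),
    "known_bad": Request.from_url("GET", "/search?q=<script>"),
    "unknown_endpoint": Request.from_url("GET", "/admin/export"),  # no signature matches
    "unusual_benign": Request.from_url("GET", "/search?q=50%25+off"),  # '%' not in allowlist
}


def decisions():
    """Return (negative, positive, hybrid) decisions for every sample request."""
    return {n: (negative_decision(r), positive_decision(r), hybrid_decision(r))
            for n, r in SAMPLES.items()}
```

Note that the hybrid inherits the positive model's false positive on the "50% off" search, which is exactly the tuning burden the previous section describes: the allowlist must be widened for legitimate traffic rather than the blacklist narrowed.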

Do you have any questions about which security concept might be the best solution? Our security experts will be happy to answer all your questions at any time.