The Watchers On the Wall

By Chris Dawson | April 03, 2015

We had to run with the analogy. Because, well, it's a wall. Made of ice.

“I am the sword in the darkness. I am the watcher on the walls. I am the fire that burns against the cold, the light that brings the dawn, the horn that wakes the sleepers, the shield that guards the realms of men.”

Sends chills, right? The Oath of the Night’s Watch (the version from the book, of course). It’s right up there with “One Ring to rule them all...and in the darkness bind them”. But you knew we couldn’t leave well enough alone and just bandy about quotes from Game of Thrones or draw flame war-inspiring comparisons to Tolkien. Because the Night’s Watch guards a giant wall that defends Westeros from countless threats in the far North. True, it’s a wall of ice, which is sort of the opposite of a firewall, but we can’t help but think of Castle Black and the Wall as the ultimate firewall analog in Game of Threats...I mean, Thrones.

In case you missed it, “The Watchers On the Wall” was episode 9 from season 4 of our favorite show here at Fortinet. A vast army of wildlings attacked the wall from the north, while a smaller garrison of wildlings already positioned south of the wall attacked at the height of the battle. George R. R. Martin and the writers for the show could not have painted a better picture of network security if they’d consulted with us. They didn’t, by the way, but if they had, we wouldn’t have changed much.

The entire battle plays out with elements of advanced persistent threats, distributed denial of service attacks, obfuscated internal threats, and exfiltration attempts. The wildlings attack in such extraordinary numbers that they nearly overwhelm the firewall’s (I mean, the Wall’s) defenses. Can you say DDoS? Giants riding mammoths attacked weakening gates while the wildling hordes pounded the wall. Sure, the average APT can go on for months, but the writers had to take some understandable liberties with our analogy.

The garrison of wildlings that slipped past the wall a few episodes before? Obviously a malicious payload delivered through sophisticated evasion techniques. And their attack? Classic blastware and exfiltration. They even got data center traffic conventions right. Attacks are generally carried on southbound traffic (into the data center) while cybercriminals exfiltrate data on northbound channels (out of the data center). Yes, I know this is Westeros and not a data center. Potato, potahto.

The icing on the cake, though, was the Night’s Watch itself. We have our own version of the Night’s Watch here at Fortinet - watchers on the firewall, so to speak. It’s called FortiGuard and it’s a team of security researchers and white hat hackers who monitor cyberthreats continuously, many of which come in from the hundreds of thousands of FortiGate next generation firewalls deployed worldwide. If a new bit of malware passes through one of these firewalls, FortiGuard knows about it, dissects it, and turns it into threat intelligence.

Image courtesy of Wikimedia Commons. White hat courtesy of me.

To be totally honest, here’s where the analogy falls apart a little bit. If Westeros were using the right security infrastructure, that little garrison of wildlings would have been tossed into a sandbox, observed, and rejected as malicious within seconds instead of making it to the other side of the Wall and nearly taking Castle Black. Or stealing data. Or whatever.

Lack of proper sandboxing aside, I have to tip my hat to good old GRRM for telling such a gripping story of network security, hacking attempts, and white hat hackers. Or writing a spectacular battle scene on the outskirts of a semi-magical fictional realm. Like I said, potato, potahto.