The United States Secret Service is a federal agency that is responsible for criminal investigations, but that is much more well-known for its role in the protection of United States leaders, their families, and visiting heads of state.
Just try to get your head around what their job must be like! Trying to protect public figures that travel a lot, often give speeches out in the open, and whose job it is to be visible and representative. The people the Secret Service protects are highly visible and highly valuable targets that are often exposed.
Now imagine doing that job for almost 120 years – with only one protectee and one agent killed on duty. Their record is truly impressive, so much so that we decided to prepare a webinar where we look at their methodology and try to gain some understanding as to why they are so successful.
In short – the Secret Service are masters of planning and preparation. While they are certainly experts in protection, their primary responsibility is to prevent any such situation from happening – proving that visibility and control are at least as important as active protection measures. In our webinar, we will take a look at how the Secret Service prepares for a protectee’s visit to a venue or an event, such as the Inauguration, talking about the assessment, planning, protection, and reaction stages.
In this short post, we are going to give you a sneak peek – talking about the visibility aspect of security. If you want to learn more, we definitely recommend registering for the full event (and share with your friends, as this is an exciting topic!) where we will (un)cover a lot more.
Let us start by looking at the following picture of representative U.S. Secret Service agent:
It is easy to spot him – he is wearing a recognizable communication earpiece, but also a blue lapel pin and everything about him seems to shout “Agent.” Have you ever wondered why that is? They should try harder to blend in and be more concealed, right?
The US Secret Service actually wants to make sure you can see them. The goal is to deploy a mix of visible and invisible security measures – visible to deter any potential attacker from making a move, invisible to be able to react to any security breach. You want to mix these visible deterrents with invisible layers of protection, for example by hiding some capabilities behind a fancy dress or by disguising a tank as a car.
The same principle applies to magnetometers (metal detectors) at entrances to venues. They are clearly visible – and the goal of having them is to deter anyone wearing a gun (or other weapon) from even approaching the target. This is an effective approach, even if magnetometers are not functional – just seeing them likely causes anyone wearing a gun to turn around and leave.
Counter sniper teams are deployed as another invisible security element – and they work closely with field agents. If you were to approach the venue, notice the metal detectors, and try to walk away, the counter sniper team will notify field agents to find out why you suddenly changed you mind. The whole of these security layers are stronger than the sum of their parts.
In IT security, similar visible and invisible security elements play a similar role. If you look at our secure zones architecture from this perspective, you can clearly see the trend of complementary security measures. Visible security is essential if you are trying to protect yourself from the threat of insiders.
For example, it is hard to talk about Hypervisor Introspection and not imagine the invisible sniper team watching your actions through the scope. Or think about Session Recording (with notification of all your actions being recorded) as a visible security element designed to prevent you from doing something you will regret. Citrix Analytics can watch and analyze user behavior as a completely invisible security element. SmartAccess/SmartControl with Endpoint Analysis are protecting the gate, making sure you know that your access point was scanned and recorded. All these features are great, but to achieve the best possible security, you want to combine them to create a powerful security solution.
Be sure to join me and Eric Beiers, lead security architect, on April 12, as we discuss this and many other security best practices.