Remove the balloon from the dartboard to stop cyberattacks

What do a dartboard and a balloon filled with water have to do with cybersecurity?

Let me start by telling you what causes cyber-attacks on enterprise networks:

“Cyber security attacks to the enterprise occur due to the inadequate nature of perimeter defences in maintaining policy controls amidst the demanding nature of multi-port Internet service exceptions through Web gateways, ubiquitous remote access often provided through source-based validation, email payload risks that exploit the open nature of distributed endpoint computing, and other services that require north-south external access in order to support east-west lateral traversal across an enterprise, thus exposing the organisation to southbound exfiltration via weakly filtered external access.” 

While the above sentence is technically accurate, I will grudgingly admit that it might be a bit terse. OK, fair enough – it is more than a bit terse. It is completely ridiculous. 

So let me try to explain the enterprise cyber security problem in a slightly different way: 

“Suppose we fill a balloon with water, and tape it to a dartboard hung over a small bucket. I give you one dart and ask you to fill the bucket with the water. What do you do? Well, you throw the dart at the balloon, and probably hit it somewhere, and then when it breaks, all the water spills into the bucket. That’s how enterprise attacks occur today. You perform a breach (the dart) through one place in the network (the balloon) and you can grab everything that’s inside (the water).”

Now let me tell you how to stop cyber-attacks on enterprise networks:

“The enterprise security problem is best solved through logical distribution of enterprise systems and applications into distinct micro-segments, separated in virtualised, cloud-based run-time computing environments with dynamically assigned cyber security controls arranged to allow for tailored application of modern machine learning, adaptive, and next-generation protections that do not rely on an external perimeter and that can be adjusted strategically based on situational awareness.” 

Ditto all the stuff I said earlier about this being a ridiculous way to explain the solution. So let’s get out the dartboard again: 

“Suppose we tape twenty little balloons, each with a little water, over the twenty numbers around the edge of a dartboard. We hang the dartboard over a bucket, and I hand you one dart to fill the bucket with water. So what do you do? Unless you have a JFK single-shooter, magic curving dart, you can only hit one balloon and only the water from that one balloon will spill into the bucket. And that’s how the risks of enterprise attacks can be reduced today. A breach hitting one distributed cloud workload element (small balloon) will lose some data (water in that balloon) but will leave unharmed the other virtualised micro-segments (the other balloons) and will maintain their assets (the majority of water that remains after your dart throw).”

The 'exploding' method

My recently released 2017 TAG Cyber Security Annual, available as a free PDF download, explains this process of distributing your enterprise network into pieces via a method we call exploding.

It also explains the process of using virtualisation to cloud-based systems via a method we call offloading. And the good news is that the resultant enterprise is well positioned to introduce superior new methods of cyber security via a process we call reloading.  

All of this is explained in the context of fifty distinct enterprise cyber security controls that a Chief Information Security Officer (CISO) team must attend to in a practical environment. Representative controls include familiar technologies such as firewall platforms and two-factor authentication, along with CISO management decisions such as how best to use managed security services, or how best to provide cyber security training. 

And as for the writing style used to explain the methodology and controls... well, let’s just say that it sits somewhere between those ridiculous technical descriptions we wrote above... and the dartboard hung over your bucket.  

Ed Amoroso, Founder and CEO of TAG Cyber 


Edward Amoroso is Founder and CEO of TAG Cyber, a global cyber security advisory, training, consulting and media services company. He was previously Senior Vice President and Chief Security Officer at AT&T, and is the author of six books on cybersecurity.