Archive

Can your Cybersecurity Posture be Called "Reactive Chaos"?

Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue. New projects, including cloud development and mergers and acquisitions, are significantly stalled. If this does sound familiar, then most likely you are blind to what is happening on the network, unaware of where the weaknesses are, and without the ability to quickly assess risk.

This is the alternate reality organizations enter once they have been materially compromised. It stops business, costs millions, and can have an incalculable impact on current and future customers. You get here by thinking tactically all the time. No time to step back and consider the big picture, instead always making small changes and more investments in new, disparate tools. This wasn't the business plan you started the year with, but it is what will be managed for months, and likely a few years to come.

How can you avoid this? Get visibility of your entire security posture and be able to measure it easily, and preferably, continuously so you can take proactive action – including endpoints and networks. This is important and useful in monitoring, responding to, and in some cases, being able to block potential exploits. But this is only a start.

Embed the culture of security: Have you appointed a cybersecurity champion?
You need a cybersecurity champion just as you need a leader for a fire drill – one who practices and directs the possibly panicked staff in evacuating the floor/building in the event of a fire or other emergencies. By embedding security culture into the organization, you can have the visibility and assurance that you need for the best defense against reactive chaos.

Systemically avoid reactive chaos.
Automate and orchestrate wherever possible to provide better visibility. Co-source when necessary, as it gives you access to experts in cybersecurity at an affordable price point.

Forget 007 Intel…What Truly Wins the War?

How important is intelligence in bringing victory or averting defeat? In our IT Security universe, this refers to "threat intelligence", which has been all the rage for some years now. Indeed, a number of providers charge hefty sums to provide best-of-breed, mixed strategic and tactical, with full actor information, detailed indicators, and with revelations about future attacks targeted at your organization. During a conference, attendees at a roundtable were asked, "If you hear 3 days in advance that you will be hit with a colossal DDoS attack of a particular type, will it help you?" Some people answered “yes” and pointed at specific things they can do in the time they have, while others said, “sort of”. They would still take heavy damage, but may be able to reduce panic and avoid some mistakes in responding. A few said that they will be able to do a few things only… and if the “3-day attack warning” costs them $100K, they won’t sign for it.

F.H. Hinsley, the historian of British intelligence in the real war against Hitler, made a sustained attempt to show how intelligence affected its outcome. His conclusion, which did not please the intelligence establishment, is that the efforts of MI6 and Bletchley Park shortened the war, but emphatically did not win it. As John Keegan noted "The reason is that the fiction of intelligence has worked so powerfully on the Western imagination that many of its readers, including presidents and prime ministers, have been brought to believe that intelligence solves everything. It stops wars starting. If they start nevertheless, it assures that the wrong side loses and the right-side wins."

Actual warfighters (= skilled security professionals) with weapons (=security tools), on top of threat intelligence are needed to win the war. As Chuvakin observed in this Threat Intelligence and Operational Agility article, telling armed peasants and spearmen that a ballistic missile is coming does not help – even if you know the exact model and who launched it. You need to have the defenses, tools, people, and effective processes already in place.

This is the value proposition of our SIEMphonic co-managed SIEM-as-a-service offering. Put our 24/7, ISO 27001-certified team of experts to work for you. They come armed with deep subject matter experience, robust processes,and award-winning weaponry. And oh yes, it’s all integrated with up-to-the-minute threat intelligence.

Still skeptical? See use cases about what the team has caught, in top-secret 007 fashion: from stories that "never happened" from "files that do not exist". Intel never wins wars on its own, but combined with effective teams, defenses, and processes, the right-side may always triumph.