
The idea of 100% security is not a reality anymore. The new breed of attacks – which is constantly changing and evolving – is persistent. The threat is not simply a disruption of service or operations; your critical data and information are targeted by patient and sophisticated attackers who will keep trying to break in until they succeed. In this environment, how are we going to win?
One way to look at this threat landscape is to imagine the attackers as cyber-shoplifters. The most successful defense against shoplifting is to lock all the doors and not let anyone in. However, this is also an effective method of going out of business. Essentially, you have to allow incoming traffic and, at the point of entry, legitimate traffic looks identical to nefarious traffic. At some point, though, the attackers will change their behavior. That’s where you catch them. We need to focus on these points of deviation – anomalous behavior, increased data transfer rates, and numerous connections – and quickly identify threats to your network.
For another perspective, we can consider treating health problems. Three years ago, we were fighting the equivalent of the common cold; now we’re fighting cancer. You can’t control what germs you’re exposed to, or whether or not you get sick, but you can take specific measures to minimize the toll it takes. The goal is early detection, which involves knowing what to look for and what tests to perform, and then, before the symptoms become a terminal illness, remediating and removing the threat. You’ll never be penalized for having a breach and catching it early, but you will if you have a breach and don’t catch it for six months.
When it comes to cybersecurity, a “win” used to be defined by preventing any attackers from compromising your networks. As we’ve come to realize that’s no longer an option, we also recognize the need for a new definition of “win.” The reason companies are suffering so much damage today is that the attackers are stealthy. Many breaches occur over a period of several months without detection.
The impact of a cyber attack increases significantly the longer the network is compromised. With that in mind, early detection is essential to successfully defending against today’s cyber attacks. Our expertise leverages tools like Advanced Forensic Responder (AFR) and other methodologies to monitor our clients’ networks and provide early detection. A “win” in today’s cybersecurity landscape is characterized by using early detection and quick remediation to minimize the damage incurred.


