March 29, 2017

Cyber Security is Not a Game

 

Ok, so what do Bill Russell, Hakeem Olajuwon and Dikembe Mutombo have to do with Cyber Security? Great question! First you should probably know that these three men are widely viewed as the top shot blockers in NBA history. They also have something else in common... 100% of their blocked shots involved the same thing... a basketball.

So at this point you’re probably feeling as if you’ve stumbled upon a 5th grader’s creative writing assignment, but trust me, I’ll tie it all together. Or at least I hope I will.

When I was tasked with writing a blog, I wanted to take on a topic that is arguably at the top of the list of importance to many, if not all, of our clients and prospective clients. The one obstacle I had was that it just so happens to also be one of the most advanced and sensitive topics to discuss. As a sales professional I’ve learned the hard way that when you attempt to dive too far into the technology details, you can very quickly find yourself swimming in a sea of acronyms and IT terms that would take you years to fully understand. All you need to do is take a look at salary.com and see what the going rate is for a CISO or CIO and you’ll understand just how much importance organizations place on these positions, as well as their team members. Even for a novice like myself though (who should stay in the proverbial IT kiddy pool), it was fairly easy for me to connect the dots on why the technology we’ve developed, CIRT (Cyber Intelligence Response Technology), is such a tremendous asset for organizations attempting to get a handle on their IT Security protocols.

So let’s go back to the shot blockers.  These men were the best of the best, and if any normal person even attempted to take a shot on them, they’d most likely end up with the bitter taste of basketball leather in their mouth.  But let’s pretend that those same three men were attempting to block basketball rims that were placed in 5,000, 10,000 or even 100,000 locations!  And, let’s pretend that they weren’t blocking basketballs at all, but instead they were tasked with trying to block a multitude of items that would come in all shapes and sizes.  And those shots could come at 2pm or 2am.  You get the point.  They couldn’t possibly block them.

After I spent some time with one of our Security Specialists, Brent Batchelor, he explained it to me like this. There are many products on the market that solve for different aspects of IT Security and generally just defending an organization’s domain. Each of those products is typically managed by a specific group of individuals within said organization, and very rarely do those groups work within a collaborative environment. This is primarily due to the fact that they are using separate products, each with a unique objective, and in many cases there’s simply no need to collaborate unless a threat has been detected on the network, and one of the teams has recognized it. Whether it be the Computer Forensics, Information Assurance, Compliance, or Malware / Network Security teams, each is vitally important, and in almost all cases each works within its own silo because they aren’t leveraging the same technology to do their jobs.

So think of Bill, Hakeem and Dikembe as your firewall. If they know what the threat is, chances are you’re in great shape and will be protected. If, however, they are faced with the scenario I described above of not knowing which of the 20,000 goals to defend or what type of attack their opponent is going to present to them, they don’t stand a chance. And as we are witnessing day after day after day, the “bad guys” are not going to attack the larger and more valuable targets with basketballs. They are constantly developing new malicious code that your firewall will never realize has “scored” and hit its target.

 

This is usually the point where I list out all of the Google searches that I’ve found that substantiate my point above, but because this is such a known fact and so prevalent, I’d almost feel like I was insulting you.  If you feel inclined though, just do a quick Google search within the news subsection on “Cyber Security”.  It’s ugly.

And please let me make sure I’m being clear: I’m not suggesting that you don’t need that firewall and that threat detection system that can help you stave off those known threats. It’s a necessary piece of the puzzle. Our CIRT solution, however, is focused on addressing the situation once your domain has been compromised. And we’ve done it in a way that allows for your teams to finally collaborate and view the areas that they specialize in.

As I write this today, CIRT is the only solution in the market to integrate network forensics, host forensics and perform a large-scale data audit under one interface. CIRT allows you to proactively and reactively identify, analyze and remediate security incidents of any kind, including zero day attacks, hacking, data spillage and advanced persistent threats (APTs). CIRT also allows you to put measures in place to track your PCI compliance; it solves for your need to monitor remote employees and also identifies data being copied to or from removable media.

Another highlight of our CIRT solution that can’t be overlooked is our Cerberus technology. With Cerberus we allow the teams who are the first responders to act quickly on those threats that went unidentified by your antivirus and your IDS software because there was no known signature affiliated with them. Cerberus allows these first responders to very quickly assess how much of a threat something is, where that malicious code came from, where it went, and who was involved.

 

In other words, we turn those unknown objects that are being hurled at your goals into basketballs that your team can identify and then react to accordingly. This will allow your forensic team to leverage our remediation capabilities and prevent the malicious code from spreading and continuing to infect your domain.

So as you review your current infrastructure and assess its capabilities to protect your organization, ask yourself this. Are you really going to be able to block every cyber attack on your network? If the answer is “possibly not”, and it should be, what are you doing to minimize the impact? Register for our CIRT webinar and allow us to show you what CIRT is capable of. You’ll quickly realize that even the greatest shot blockers in the game need a tool like CIRT to help complete their game!

 

Rob Jones

Rob Jones is a Corporate Account Manager for AccessData and focuses on strategic partnerships with eDiscovery Service Providers in the Northeast. Rob assists eDiscovery Service Providers by providing solutions for cyber security, forensic collections, ediscovery processing and litigation review. Before joining AccessData, Rob spent ten years consulting with financial institutions on products and services that would help enhance their web presence. Rob was recognized in late 2010 as being a thought leader in the area of social media marketing and online based marketing initiatives for his extensive experience working with organizations to help manage both web page optimization as well as social media presence. On a yearly basis Rob has consulted with websites whose total monthly visitors reach nearly 480 million views.
