Written By Michael Bunyard And Presented By Charles Leaver CEO Ziften
Cyber security is all about people vs. people. Each day that we sort through the current attack news (like the recent Planned Parenthood breach) it becomes more and more obvious that not only are people the problem, in many ways, but people are also the answer. The adversaries come in various categories, from insiders to hackers to organized crime and State sponsored terrorists, but at the end of the day, it’s people that are directing the attacks on companies and are therefore the problem. And it’s people that are the primary targets exploited in the cyber attack, normally at the endpoint, where people access their connected business and personal worlds.
The endpoint (laptop computer, desktop, mobile phone, tablet) is the device that people use throughout their day to get their tasks done. Think about how often you are attached to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a good example), the people at the endpoint are often the weak link in the chain that supplies the opening for attackers to exploit. All it takes is a single person to open the wrong email, click through to the wrong site or open the wrong file and it’s game on. Regardless of all the security awareness in the world, people will make mistakes. When speaking about the Planned Parenthood breach my associate Mike Hamilton, who directs the product vision here at Ziften, provided a really fascinating insight:
“Every company will have individuals against it, and now those people have the ways and mission to interrupt them or take their data. Leveraging existing blind spots, cyber criminals or perhaps hackers have simple access through susceptible endpoints and utilize them as a point of entry to hide their activities, evade detection, make use of the network and prey on the targeted company. It is now more important than ever for organizations to be able to see suspicious behavior beyond the network, and certainly beyond simply their web server.”
People Powered Security
It makes sense that cyber security solutions ought to be purpose built for the people who are defending our networks and monitoring the behavior of people as they use their endpoints. But typically this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has resulted in a scarcity of information about what is really taking place on the endpoint, the most vulnerable component in the security stack. And cyber security solutions certainly don’t seem to have the people defending the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive alerts that defenders can’t tell the real threats from the benign.
People powered security enables seeing, investigating, and responding by examining endpoint user behavior. This needs to be done in a manner that is painless and quick, because there is a big shortage of skills in companies today. The best technology will make it possible for a level one responder to handle the majority of suspected threats by putting simple and concise information at their fingertips.
My security master colleague (yeah, I’m lucky that on one hallway I can speak to all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog post, he nailed this:
“Human intelligence is more versatile and innovative than machine intelligence and will always ultimately adapt and beat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a competent human hacker. At least here in the 21st Century, expert systems and artificial intelligence are not up to the job of fully automating cyber defense, the cyber attacker inevitably triumphs, while the victims lament and count their losses. Just in science fiction do thinking machines overpower humans and take over the planet. Don’t subscribe to the cyber fiction that some autonomous security software application will outwit a human hacker foe and save your organization.”
People powered security empowers a well-informed, dynamic response by the people trying to stop the attackers. With any other approach we are just kidding ourselves that we can keep up with the attackers.