Written By Kyle Flaherty And Presented By Ziften CEO Charles Leaver
It was rather a day on July 9 2015 in the world of cyber security. The first thing to take place was the grounding of flights by United Airlines due to a technical glitch, this was followed just later on by the New York Stock Exchange (NYSE) announcing they needed to stop trading. This report originated from the Wall Street Journal as you would anticipate, and they went offline just after this.
This led to complete panic on the Internet! There was an enormous buzz on Twitter and there were a great deal of rumors that a well collaborated cyber attack was happening. People were jumping off the virtual bridge and stating a virtual Armageddon.
There was overall mayhem up until the 3 organizations stated in public that the problems were not related to cyber attacks however the dreadful unknown “technical glitch”.
Visibility Is The Issue For Cyber Attacks Or Glitches
In today’s world it is assumed that “glitch” indicates “attack” and it is true to say that an excellent group of hackers can make them look the same. There are still no information about the events on that day and there most likely never will (although there are rumors about network resiliency concerns with one of the biggest ISPs). At the end of the day, when an occurrence like this happens all companies need answers.
Stats recommend that each hour of incident response might cost thousands of dollars an hour, and when it comes to services such as United and NYSE, downtime has not been considered. The board of directors at these companies don’t want to hear that something like this will take hours, and they may not even care how it took place, they simply want it dealt with quickly.
This is why visibility is constantly in the spotlight. It is vital when emergency situations strike that a company understands all of the endpoints in their environment and the contextual behavior behind those endpoints. It might be a desktop, a server, a laptop computer and it might be offline or online. In this modern-day age of security, where the principle of “avoid & block” is no longer an appropriate method, our capability to “rapidly identify & react” has actually ended up being increasingly more critical.
So how are you making the shift to this new era of security? How do you lessen the time in determining whether it was an attack or a glitch, and what to do about it?