Written By Michael Bunyard And Presented By Charles Leaver CEO Ziften
Cyber security is all about people vs. people. Each day that we sift through the latest attack news (like the recent Planned Parenthood breach), it becomes more obvious that people are not only the problem in many ways, but also the answer. Attackers come in various categories, from insiders to hackers to organized crime and state-sponsored terrorists, but at the end of the day it is people who direct the attacks on organizations, and they are therefore the problem. And it is people who are the primary targets exploited in an attack, normally at the endpoint, where they access their connected business and personal worlds.
The endpoint (laptop, desktop, mobile phone, tablet) is the device people use throughout the day to get their work done. Think about how often you are attached to your endpoint(s). It's a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vulnerability for a fine example), the people at the endpoint are often the weak link in the chain that provides the opening for attackers to exploit. All it takes is one person opening the wrong email, clicking through to the wrong site or opening the wrong file, and it's game on. Despite all the security awareness training available, people will make mistakes. When speaking about the Planned Parenthood breach, my coworker Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:
“Every organization will have individuals against it, and now those people have the methods and objective to disrupt them or steal their data. Leveraging existing blind spots, cyber criminals or perhaps hackers have simple access through susceptible endpoints and use them as a point of entry to conceal their activities, avert detection, make use of the network and take advantage of the targeted company. It is now more important than ever for companies to be able to see suspicious habits beyond the network, and certainly beyond just their web server.”
People Powered Security
It makes sense that cyber security solutions should be purpose-built for the people who protect our networks and who monitor the behavior of users at their endpoints. But typically this hasn't been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has resulted in a dearth of information about what is really happening on the endpoint, the most vulnerable component in the security stack. And cyber security solutions certainly don't appear to have the people protecting the network in mind when silos of disparate data flood the SIEM with so many false positive alerts that defenders cannot tell the genuine threats from the benign.
People powered security enables viewing, investigating, and responding by examining endpoint user behavior. This has to be done in a way that is painless and fast, since there is a big shortage of skills in organizations today. The best technology will enable a level one responder to deal with the majority of suspected threats by putting simple and concise information at their fingertips.
My security guru coworker (yeah, I'm lucky that on one corridor I can talk with all these folks) Dr. Al Hartmann says “Human-Directed Attacks need Human Directed Response”. In a recent blog post, he nailed this:
“Human intelligence is more versatile and creative than machine intelligence and will always eventually adapt and beat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a knowledgeable human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the task of fully automating cyber defense, the cyber assailant inevitably is victorious, while the victims lament and count their losses. Only in science fiction do thinking machines overpower humans and take control of the planet. Don’t subscribe to the cyber fiction that some autonomous security software application will outsmart a human hacker foe and conserve your organization.”
People powered security empowers a well-informed, dynamic response by the people trying to thwart the attackers. With any other approach, we are simply kidding ourselves that we can keep up with the attackers.