Written By Kyle Flaherty And Presented By Ziften CEO Charles Leaver
July 9, 2015 was quite a day in the world of cyber security. First, United Airlines grounded its flights because of a technical problem; soon afterward, the New York Stock Exchange (NYSE) announced that it had halted trading. That report came from the Wall Street Journal, as you would expect, and the Journal's own site went offline shortly after.
This caused total panic on the Internet! Twitter was buzzing, and rumors spread that a well-coordinated cyber attack was under way. People were jumping off the virtual bridge and declaring a virtual Armageddon.
The chaos continued until all three organizations stated publicly that the problems were not connected to cyber attacks but were the dreaded, unexplained “technical glitch”.
Visibility Is The Problem For Attacks Or Glitches
In today’s world, “glitch” is presumed to mean “attack”, and it is fair to say that a skilled team of attackers can make the two look the same. There are still no details about the incidents of that day, and there most likely never will be (although there are rumors of network resiliency issues at one of the biggest ISPs). At the end of the day, when an event like this happens, every company needs answers.
Statistics suggest that incident response can cost thousands of dollars per hour, and for companies such as United and the NYSE that figure does not even account for downtime. The boards of directors at these businesses do not want to hear that resolving something like this will take hours; they may not even care how it happened, they just want it fixed quickly.
This is why visibility is always in the spotlight. When an emergency strikes, it is essential that an organization knows every endpoint in its environment and the contextual behavior behind each one, whether it is a desktop, a server or a laptop, and whether it is online or offline. In this modern era of security, where “prevent and block” alone is no longer an adequate strategy, the ability to “rapidly detect and respond” has become more and more important.
So how are you making the transition to this new era of security? How do you reduce the time it takes to determine whether an incident was an attack or a glitch, and to decide exactly what to do about it?