Time to Get Real About Real-Time Threat Monitoring

DAVE BARNETT
May 02, 2013 - 3 min read

One of the greatest challenges we face as security professionals is the ability to understand what is happening right now. While we seem to be reacting to problems as they arise, in fact what we are doing is dealing with the after effects of a breach. Both data leakage and the disruption caused by a breach such as Aramco last year can cause significant harm to an organization.


The attackers' advantage is stealth: they hope to slip into your organization unnoticed and identify their target to achieve their aims. If the attackers never needed to communicate with the outside world, they could quietly go about their business in your network and remain largely undetected. Their weakness is the need to communicate with the outside world, and this can be turned to our advantage.

Our advantage as defenders is time. The sooner we are able to spot the evidence that an attack is underway, the sooner we are able to take appropriate action and limit the damage. The difficulty is that we need to be looking in the right place at the right time. To a certain degree, we are limited by the tools we have available to us. IT budget cycles typically run on a three- to four-year period, and what may have fit the purpose then may not be the right tool today. In a world where the Internet is evolving so rapidly and where users are becoming increasingly mobile and social, static appliance-based security is not enough.

The Security Cloud is ideally suited to providing a near real-time view of every communication made both into and out of an organization from any device anywhere. For example, your security team could instantly see that a connection has been made at 3:30 am from a machine located on the other side of the world to a host that has recently been identified as a botnet controller.

The team could rapidly mine the billions of transactions stored in The Security Cloud to identify how many machines have connected to that new address in the past. By working closely with our partners in the security industry to share new threat information, we can ensure that as a community we are providing the best possible security intelligence. 
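The retrospective search described above, sketched as an added example (not Zscaler code): when an address is newly identified as a botnet controller, look back through stored egress records for every machine that has contacted it, and rank off-hours contacts first. The log format, host names, working-hours window and the address `203.0.113.77` are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log, assumed format: "<local ISO timestamp> <source> <destination>"
SAMPLE_LOG = """\
2013-04-28T14:02:11 ws-0412 203.0.113.77
2013-04-29T09:15:40 ws-0033 198.51.100.20
2013-04-30T03:30:05 lt-0907 203.0.113.77
2013-04-30T03:31:17 lt-0907 203.0.113.77
2013-05-01T11:48:52 ws-0412 198.51.100.20
malformed line
2013-05-01T23:59:01 ws-0150 203.0.113.77
"""

def parse(log_text):
    """Yield (timestamp, source, destination); skip records that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def retro_hunt(log_text, indicator, work_start=7, work_end=19):
    """Summarise every source that ever contacted the newly flagged indicator."""
    hits = defaultdict(list)
    for ts, src, dst in parse(log_text):
        if dst == indicator:
            hits[src].append(ts)
    report = {}
    for src, times in hits.items():
        report[src] = {
            "first_seen": min(times),  # earliest contact bounds the exposure window
            "last_seen": max(times),
            "count": len(times),
            "off_hours": sum(1 for t in times if not work_start <= t.hour < work_end),
        }
    return report

def triage_order(report):
    """Sources with the most off-hours contacts first, then earliest first_seen."""
    return sorted(report, key=lambda s: (-report[s]["off_hours"], report[s]["first_seen"]))

if __name__ == "__main__":
    found = retro_hunt(SAMPLE_LOG, "203.0.113.77")
    print([(s, found[s]) for s in triage_order(found)])
```

The earliest `first_seen` across all sources is the point from which incident responders need to scope the compromise, which is often well before the indicator was published.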
