Written By Michael Bunyard And Presented By Chuck Leaver CEO Ziften
Cyber security is all about people vs. people. Each day that we sift through the latest attack news (like the recent Planned Parenthood breach) it becomes more and more apparent that not only are people the problem, in many ways, but people are also the answer. The attackers come in various categories, from insiders to hackers to organized crime and State sponsored terrorists, but at the end of the day, it’s people that are directing the attacks on companies and are therefore the problem. And it’s people that are the main targets exploited in the cyber attack, generally at the endpoint, where individuals access their connected business and personal worlds.
The endpoint (laptop, desktop, mobile phone, tablet) is the device that people use throughout their day to get their stuff done. Think about how frequently you are connected to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a good example), the people at the endpoint are frequently the weak link in the chain that provides the opening for the attackers to exploit. All it takes is one person to open the wrong email, click through to the wrong site or open the wrong file and it’s game on. Regardless of all the security awareness available, people will make mistakes. When discussing the Planned Parenthood breach my coworker Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:
“Every company will have people against it, and now those individuals have the ways and mission to interrupt them or take their data. Leveraging existing blind spots, cyber criminals or even hackers have simple access through vulnerable endpoints and utilize them as a point of entry to hide their activities, evade detection, exploit the network and take advantage of the targeted company. It is now more crucial than ever for companies to be able to see suspicious habits beyond the network, and certainly beyond just their web server.”
People Powered Security
It makes sense that cyber security solutions should be purpose built for the people who are protecting our networks and monitoring the behavior of people as they use their endpoints. Generally, however, this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has led to a dearth of information about what is really taking place on the endpoint, the most vulnerable component in the security stack. And cyber security solutions certainly do not seem to have the people defending the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive alerts that they can’t tell the real threats from the benign.
People powered security makes it possible to view, inspect, and respond by examining endpoint user behavior. This has to be done in a manner that is painless and quick, since there is a huge shortage of skills in organizations today. The best technology will allow a level one responder to deal with most suspected threats by putting simple and concise information at their fingertips.
My security guru colleague (yeah, I’m fortunate that on one corridor I can talk to all these folks) Dr. Al Hartmann says “Human-Directed Attacks need Human Directed Response”. In a recent blog, he nailed this:
“Human intelligence is more flexible and innovative than machine intelligence and will always eventually adapt and beat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a competent human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the task of totally automating cyber defense, the cyber assailant undoubtedly wins, while the victims lament and count their losses. Just in sci-fi do thinking machines overpower humans and take control of the planet. Don’t subscribe to the cyber fiction that some self-governing security software application will outwit a human hacker opponent and conserve your company.”
People powered security empowers a well-informed, dynamic response by the people attempting to thwart the attackers. With any other approach we are just kidding ourselves that we can keep up with attackers.