Chuck Leaver – Your Incident Response Costs Will Be High Without Visibility

Written By Kyle Flaherty And Presented By Ziften CEO Chuck Leaver

It was quite a day on July 9 2015 in the world of cyber security. The first thing to take place was the grounding of flights by United Airlines due to a technical problem, this was followed just afterwards by the New York Stock Exchange (NYSE) announcing they had to stop trading. This report originated from the Wall Street Journal as you would expect, and they went offline soon after.

This caused complete panic on the Internet! There was a huge buzz on Twitter and there were a great deal of rumors that a well coordinated cyber attack was happening. People were jumping off the virtual bridge and stating a virtual Armageddon.

There was overall chaos up until the 3 companies declared in public that the problems were not connected to cyber attacks but the feared unidentified “technical glitch”.

Visibility Is The Concern For Cyber Attacks Or Glitches

In today’s world it is assumed that “glitch” means “attack” and it is true to say that a good team of hackers can make them look the same. There are still no details about the events on that day and there most likely never will (although there are rumors about network resiliency issues with one of the biggest ISPs). At the end of the day, when an event like this takes place all organizations require answers.

Stats suggest that each hour of incident response may cost thousands of dollars an hour, and in the case of companies such as United and NYSE, downtime has not been considered. The board of directors at these businesses do not wish to hear that something like this will take hours, and they may not even care how it occurred, they simply want it fixed rapidly.

This is why visibility is constantly in the spotlight. It is essential when emergency situations strike that a company understands all of the endpoints in their environment and the contextual habits behind those endpoints. It might be a desktop, a server, a laptop computer and it might be offline or online. In this contemporary period of security, where the idea of “prevent & block” is no longer a suitable strategy, our ability to “quickly find & react” has become increasingly more critical.

So how are you making the transition to this new age of cyber security? How do you decrease the time in determining whether it was an attack or a glitch, and what to do about it?



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>