Written By Michael Bunyard And Presented By Chuck Leaver CEO Ziften
Cyber security is all about people vs. people. Each day that we sift through the latest attack news (like the recent Planned Parenthood breach) it becomes more and more apparent that people are not only the problem; in many ways, people are also the answer. Attackers fall into various categories, from insiders to hackers to organized crime and State sponsored terrorists, but at the end of the day it is individuals who direct the attacks on organizations, and they are therefore the problem. And it is people who are the primary targets exploited in a cyber attack, generally at the endpoint, where people access their connected corporate and personal worlds.
The endpoint (laptop, desktop, mobile phone, tablet) is the device that people use throughout their day to get their work done. Consider how often you are connected to your endpoint(s). It's a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln for a good example), the people at the endpoint are typically the weak link in the chain that provides the opening for attackers to exploit. All it takes is one person to open the wrong e-mail, click through to the wrong site or open the wrong file and it's game on. In spite of all the security awareness training available, people will make mistakes. When discussing the Planned Parenthood breach my associate Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:
“Every company will have individuals against it, and now those individuals have the methods and mission to disrupt them or take their data. Leveraging existing blind spots, cyber criminals or even hackers have easy access through susceptible endpoints and use them as a point of entry to hide their activities, evade detection, exploit the network and prey on the targeted organization. It is now more important than ever for organizations to be able to see suspicious habits beyond the network, and certainly beyond merely their web server.”
People Powered Security
It makes sense that cyber security solutions should be purpose built for the people who defend our networks and who monitor the behavior of people as they use their endpoints. But generally this hasn't been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility into user behavior. This has led to a dearth of information about what is really taking place on the endpoint – the most vulnerable element in the security stack. And cyber security solutions certainly do not appear to have the people defending the network in mind when silos of disparate information flood the SIEM with so many false positive alerts that defenders can't tell the real threats from the benign.
People powered security allows viewing, inspecting, and responding by analyzing endpoint user behavior. This needs to be painless and fast, because there is a big shortage of skills in companies today. The very best technology will enable a level one responder to handle the majority of suspected threats by putting simple, concise information at their fingertips.
My security expert colleague (yeah, I'm fortunate that on one corridor I can speak with all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog post, he nailed this:
“Human intelligence is more versatile and imaginative than machine intelligence and will always ultimately adjust and beat an automatic defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a skilled human hacker. At least here in the 21st Century, expert systems and artificial intelligence are not up to the job of completely automating cyber defense, the cyber attacker undoubtedly triumphs, while the victims lament and count their losses. Only in science fiction do thinking machines overpower human beings and take over the world. Do not accept the cyber fiction that some self-governing security software will outsmart a human hacker enemy and save your company.”
People powered security empowers a well-informed, dynamic response by the people working to stop the attackers. With any other approach we are just kidding ourselves that we can keep up with attackers.