Without Visibility Your Incident Response Will Cost You Money – Chuck Leaver

Written By Kyle Flaherty And Presented By Ziften CEO Chuck Leaver


It was quite a day on July 9 2015 in the world of cyber security. The first thing to take place was the grounding of flights by United Airlines due to a technical problem; this was followed shortly afterwards by the New York Stock Exchange (NYSE) revealing it had to halt trading. That report originated from the Wall Street Journal, as you would expect, and the Wall Street Journal itself went offline just after.

This caused total panic on the Internet! There was a massive buzz on Twitter and a great deal of rumors that a well-coordinated cyber attack was happening. People were jumping off the virtual bridge and declaring a virtual Armageddon.

There was overall chaos until the three companies declared in public that the problems were not associated with cyber attacks but were instead the dreaded, unexplained “technical glitch”.

Visibility Is The Concern For Attacks Or Glitches

In today’s world it is assumed that “glitch” means “attack”, and it is true to say that a good team of hackers can make the two look the very same. There is still no information about the events of that day, and there most likely never will be (although there are rumors about network resiliency problems with one of the most significant ISPs). At the end of the day, when an occurrence like this happens, all organizations need to know why.

Statistics suggest that each hour of incident response might cost thousands of dollars, and in the case of services such as United and the NYSE, that figure does not even take downtime into consideration. The board of directors at these companies don’t wish to hear that something like this will take hours, and they might not even care how it occurred; they just want it fixed rapidly.

This is why visibility is always in the spotlight. When emergency situations strike, it is crucial that a company understands all of the endpoints in its environment and the contextual behavior behind those endpoints. An endpoint might be a desktop, a server or a laptop, and it might be offline or online. In this modern era of security, where the concept of “prevent & block” is no longer a sufficient method on its own, our capability to “rapidly identify & respond” has become ever more critical.

So how are you making the shift to this new age of security? How do you minimize the time it takes to determine whether it was an attack or a glitch, and exactly what to do about it?