Written By Michael Bunyard And Presented By Chuck Leaver CEO Ziften
Cyber security is all about people vs. people. Each day that we sort through the latest attack news (like the current Planned Parenthood breach), it becomes more and more apparent that not only are people the problem; in many ways, people are also the answer. Attackers come in different categories, from insiders to hackers to organized crime and state-sponsored terrorists, but at the end of the day it’s people who direct the attacks on companies and are therefore the problem. And it’s people who are the primary targets exploited in the attack, normally at the endpoint, where they access their connected business and personal worlds.
The endpoint (laptop, desktop, phone, tablet) is the device that people use throughout their day to get their work done. Think of how often you are connected to your endpoint(s). It’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vulnerability for a good example), the people at the endpoint are often the weak link in the chain that gives attackers an opening to exploit. All it takes is one person opening the wrong email, clicking through to the wrong website or opening the wrong file, and it’s game on. Despite all the security awareness in the world, people will make mistakes. When discussing the Planned Parenthood breach my coworker Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:
“Every company will have people against it, and now those individuals have the ways and objective to interrupt them or steal their data. Leveraging existing blind spots, cyber criminals or perhaps hackers have easy access through susceptible endpoints and utilize them as a point of entry to conceal their activities, evade detection, exploit the network and victimize the targeted organization. It is now more vital than ever for companies to be able to see suspicious behavior beyond the network, and definitely beyond simply their web server.”
People Powered Security
It makes sense that cyber security solutions should be purpose-built for the people who are protecting our networks and keeping track of the behavior of individuals as they use their endpoints. But typically this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to continuous visibility of user behavior. This has led to a dearth of information about what is really happening on the endpoint, the most vulnerable component in the security stack. And cyber security solutions certainly don’t seem to have the people protecting the network in mind when silos of disparate data flood the SIEM with so many false positive alerts that they can’t tell the genuine threats from the benign.
People powered security enables seeing, investigating, and responding by analyzing endpoint user behavior. This needs to be done in a way that is painless and fast, because there is a huge shortage of skills in companies today. The best technology will enable a level one responder to handle the majority of suspected threats by putting simple, concise information at their fingertips.
My security expert colleague (yeah, I’m fortunate that on one hallway I can talk to all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog post, he nailed this:
“Human intelligence is more versatile and innovative than machine intelligence and will always eventually adjust and beat an automated defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a proficient human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the job of fully automating cyber defense, the cyber aggressor inevitably is victorious, while the victims lament and count their losses. Only in sci-fi do thinking machines overpower humans and take over the planet. Don’t accept the cyber fiction that some self-governing security software will outsmart a human hacker enemy and save your organization.”
People powered security empowers a well-informed, dynamic response by the people working to thwart the attackers. With any other approach we are just kidding ourselves that we can keep up with attackers.