Chuck Leaver – You Need Visibility Because Time Is Money With Incident Response

Written By Kyle Flaherty And Presented By Ziften CEO Chuck Leaver


It was quite a day on July 9 2015 in the world of cyber security. The first thing to take place was the grounding of flights by United Airlines due to a technical problem, this was followed just later on by the New York Stock Exchange (NYSE) announcing they had to halt trading. This report originated from the Wall Street Journal as you would expect, and they went offline soon after this.

This caused total panic on the Internet! There was a massive buzz on Twitter and there were a great deal of rumors that a well collaborated cyber attack was occurring. Individuals were jumping off the virtual bridge and declaring a virtual Armageddon.

There was overall mayhem till the three companies stated in public that the problems were not associated with cyber attacks however the feared unknown “technical glitch”.

Visibility Is The Problem For Cyber Attacks Or Glitches

In today’s world it is assumed that “glitch” indicates “attack” and it is true to state that a great group of hackers can make them look the same. There are still no details about the incidents on that day and there most likely never will (although there are rumors about network resiliency concerns with one of the most significant ISPs). At the end of the day, when an incident like this happens all organizations need to know why.

Stats recommend that each hour of incident response may cost thousands of dollars an hour, and in the case of organizations such as United and NYSE, downtime has not been taken into consideration. The board of directors at these businesses do not want to hear that something like this will take hours, and they might not even care how it happened, they simply want it resolved quickly.

This is why visibility is constantly in the spotlight. It is crucial when emergencies strike that a company understands all of the endpoints in their environment and the contextual habits behind those endpoints. It might be a desktop, a server, a laptop computer and it might be offline or online. In this modern-day era of security, where the principle of “prevent & block” is not an appropriate strategy, our ability to “quickly discover & respond” has ended up being increasingly more important.

So how are you making the shift to this new period of cyber security? How do you reduce the time in determining whether it was an attack or a glitch, and exactly what to do about it?


Leave a Reply

Your email address will not be published. Required fields are marked *