Cybersecurity is in the news and for good reason. Many of us have experienced firsthand what cybercriminals can do with our credit card numbers and our personally identifiable information being sold on the black market. In government, though, the stakes are higher. So it shouldn’t be a surprise that cybersecurity is on GAO’s High Risk List.
Government leaders are not just concerned about protecting the operations of federal information systems, but also with protecting critical infrastructure that is vital to our economy, safety, and health, such as power distribution, water supply, telecommunications networks, and emergency services.
Vulnerabilities abound in today’s technology-dependent world, and cybercriminals excel at exploiting weakness. Fortunately, there are weapons organizations can deploy to fight back, and they fall into three main categories: people, tools, and data.
People: The First Line of Defense
A mantra heard around the beltway these days is that “security is everyone’s responsibility,” and it’s true. Organizations committed to cybersecurity are investing more in people, by hiring skilled security analysts—and sometimes augmenting their in-house security operations teams with outside security experts—as well as training the larger team on how to avoid common pitfalls. It only takes one person to accidentally click on a spear phishing email and let an attacker in. With increased awareness and better training, we can minimize the number of doors and windows we leave open, and make it more expensive for cybercriminals to break into our computer systems. However, that’s not enough to fight today’s cyber threats.
Security Tools: A Necessary Layer of Protection
Security tools are the second layer of defense. Next-generation firewalls, anti-virus, intrusion prevention systems, web gateways—these security tools all matter and have an important role to play. Experts agree that traditional signature-based defenses cannot prevent zero-day attacks or advanced persistent threats, because signature-based tools only protect against attack vectors they are programmed to recognize; even so, these traditional tools do provide a layer of protection. Today, many organizations augment traditional security defenses with advanced malware protection and newer threat prevention tools designed to protect against these never-seen-before types of attacks.
However, the combination of stronger teams and advanced tools is still not enough to beat today’s cybercriminals.
Data: Knowledge is Power
Data is emerging as perhaps the most important layer of defense. Data can be transformed into insight. Data lets us analyze behavior to look for anomalies and suspicious activity. One type of security data is network traffic data, which one analyst calls “pure gold.” Think of network traffic data as a phone bill for activity on a network—it reveals who called whom, when, and for how long. Network traffic data can also go one step further, and shed light on what transpired, what data was transferred, and whether any data was exfiltrated.
In the security field, we refer to the capture, storage, and analysis of network traffic data as “network forensics”—and it provides a powerful capability for incident response. With network forensics, organizations can analyze network traffic data to look back in time and investigate what happened while malicious code was present in a network. The latest cybersecurity data from the Verizon Data Breach Investigations Report shows that there is a significant lag between the time of intrusion and the time of discovery—it can be weeks, months, or longer. In the recent JPMorgan Chase data breach, the malicious code was present on their systems for two months before it was discovered. This delay between time of intrusion and detection means that organizations need to keep the network traffic data longer than in the past—on storage that scales both in terms of performance and capacity—so that there is a “flight data recorder” ready to be analyzed when a cyber attack occurs.
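As an added illustration, not part of the original post, here is the “phone bill” view and the look-back query in code: a handful of constructed flow records (start time, caller, callee, port, duration, bytes each way) are summarized per host pair, queried for the window between a suspected intrusion and its discovery, and checked for unusually heavy outbound volume to external peers. The internal address range, the threshold and every address and byte count are assumptions made up for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed flow records in "phone bill" form: start time, caller (src IP),
# callee (dst IP), dst port, duration in seconds, bytes sent, bytes received.
# Addresses and volumes are made up for this example.
FLOWS = [
    ("2014-06-02T09:15:00", "10.1.1.5", "10.1.1.20", 445, 3.2, 12_000, 9_000),
    ("2014-06-02T22:40:00", "10.1.1.5", "203.0.113.9", 443, 1800.0, 850_000_000, 2_000_000),
    ("2014-06-03T10:02:00", "10.1.1.7", "198.51.100.4", 80, 0.8, 900, 45_000),
    ("2014-06-03T22:41:00", "10.1.1.5", "203.0.113.9", 443, 1750.0, 900_000_000, 1_500_000),
    ("2014-06-04T08:30:00", "10.1.1.9", "10.1.1.20", 445, 2.1, 8_000, 7_000),
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

def parse(rec):
    """Turn one tuple into a dict with a real timestamp so flows can be queried by time."""
    ts, src, dst, port, dur, out, inn = rec
    return {"start": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": port, "duration": dur, "bytes_out": out, "bytes_in": inn}

def lookback(flows, intrusion_start, detection_time):
    """The 'flight data recorder' query: every call placed between the suspected
    intrusion (ISO timestamp) and the moment it was discovered (ISO timestamp).
    It only answers if retention still covers that window."""
    lo, hi = datetime.fromisoformat(intrusion_start), datetime.fromisoformat(detection_time)
    return [f for f in flows if lo <= f["start"] <= hi]

def phone_bill(flows):
    """Who called whom, how often, for how long and how much was sent, per (src, dst) pair."""
    bill = defaultdict(lambda: {"calls": 0, "seconds": 0.0, "bytes_out": 0})
    for f in flows:
        entry = bill[(f["src"], f["dst"])]
        entry["calls"] += 1
        entry["seconds"] += f["duration"]
        entry["bytes_out"] += f["bytes_out"]
    return dict(bill)

def suspected_exfiltration(flows, threshold_bytes=100_000_000):
    """Flag internal hosts that sent an unusually large volume to an external peer;
    the threshold is an assumed value a real deployment would tune to its baseline."""
    return sorted((src, dst, e["bytes_out"]) for (src, dst), e in phone_bill(flows).items()
                  if ipaddress.ip_address(src) in INTERNAL
                  and ipaddress.ip_address(dst) not in INTERNAL
                  and e["bytes_out"] >= threshold_bytes)

if __name__ == "__main__":
    window = lookback([parse(r) for r in FLOWS], "2014-06-02T00:00:00", "2014-06-04T00:00:00")
    for src, dst, sent in suspected_exfiltration(window):
        print(f"{src} -> {dst}: {sent:,} bytes out")
```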
Data: The New Weapon in Fighting Cyber Attacks
Today’s cybercriminals are determined to exploit weaknesses. Today’s agencies are fighting back—with increased investments in people, tools, and their newest weapon: data.
Ready to Learn More?
Find out how to create a “Black Box” for your network. Here’s everything you need to know about creating powerful cybersecurity solutions for network forensics.