Security / April 21, 2017

If the CIA Isn’t Secure, Who Is?

The More Pervasive Transparency Is into the Network, the Better the Chances of Early Detection

Whether you’ve been hacked already or not, your chances of cruising through “connected” life unscathed are about as thin as a Seattle mixologist’s mustache these days. And that’s pretty scary—in more than one way.  

Think about it. The CIA conducts extensive background investigations. It requires polygraph examinations to gain a security clearance and determine eligibility for access to classified information. I mean, I saw Meet the Parents. The applicant-screening process looks foolproof.

And yet, by all indications, a malicious insider still made off with a boatload of secret CIA hacking tools. 

The Devil Inside

It’s worrisome that our intelligence agencies can’t protect themselves from insider threats and scandal. But as reported by Reuters, “Government agencies estimate that there is one insider threat for every 6,000 to 8,000 employees.” That ratio may sound reassuringly low, until you remember that federal, state, and local government employs about 22 million people, which works out to somewhere between 2,700 and 3,700 potential insiders. And it only takes one: a single bad breach can have far-reaching repercussions.

Plus, I think The Doors had it right: People are strange. And to one degree or another, most anybody is corruptible. While the impure might be willing to sell out their country—or even their mother—for money and fame, the pure might be just as willing to do the same for a misguided ideology or religion. Regardless of motivation, though, when it comes to cybersecurity the goal for any organization remains the same: stop the bad guys.

If total prevention’s no longer an option, what is? Perhaps it’s time to shift focus and, instead, become expert at threat detection, prediction, and response. Together, these can form the foundation of a modern security architecture: one built on pervasive, continuous monitoring and behavioral analytics that uncover the bad eggs that slip past prevention, or the good ones that have since turned rotten.

Keeping Abreast of Network Activity

Again, as evidenced by the CIA hack, sometimes, no matter how prepared you try to be, no matter how many policies and procedures you’ve put in place, no matter how healthy you try to stay, bad stuff can still happen. I was thinking about this while at a recent medical appointment.

Two biopsy needles were sticking out of my left breast when the radiologist asked me what I do for a living. I think it was a distraction tactic and I may have muttered something about cybersecurity . . . right before I passed out (me no likey needles). When I came to, it occurred to me that diagnostic mammography functions much like a network traffic visibility solution. Both are designed to help detect abnormalities (the potential devils inside) that might require further analysis.

Even though mammography can’t cure cancer and traffic visibility can’t cure data breaches, they can do an amazing job at providing better situational awareness. And that’s the first step toward uncovering a potential problem and enabling other, purpose-built security and analytics tools to investigate further—much like a pathologist would—and determine if an anomaly is benign or malignant. And with a diagnosis made, companies can use that intelligence to inform a follow-up course of action. 

Tools need context to differentiate between good and bad. In other words, they need 100 percent visibility into traffic traversing the network. Without it, a malware protection tool can’t determine if an executable is good or bad; a data loss protection tool can’t decide if a document should be allowed to leave the network. And really, what’s the use of having a tool if you can’t provide it the traffic it needs to do its job? Keep in mind that “100 percent” means more than a span port at the internet edge: an insider does most of the work on east-west traffic between internal systems, and encrypted sessions have to be decrypted, or at least have their metadata examined, before any tool can judge them.

The better and more pervasive transparency is into the network, the better the chances of early detection. If you can catch a bad guy before he’s had a chance to manipulate or exfiltrate data (Stage 0), your business will be in much better shape than if he’s already invaded every system, absconded with the crown jewels, and left you with nothing but a red skull flashing on your screen (Stage 4).
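To make the “behavioral analytics over visible traffic” idea concrete, here is an added example (not code from the original post or from any product it alludes to): a small Python sketch that runs three baseline-and-deviation rules over constructed outbound flow records. The flow records, the user names, the IP addresses, the “internal” prefixes, the working-hours window and the 5x volume threshold are all assumptions made up for the example; a real deployment would feed this from a tap, NetFlow, or a visibility platform and tune the thresholds per environment.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample flow records for this example (not captured traffic):
# (timestamp, user, destination IP, bytes the user sent to that destination).
# "alice" has a normal week, then pushes ~900 MB to a never-seen external host at 02:10.
FLOWS = [
    ("2017-04-10T09:12:00", "alice", "10.0.0.5",       1_200_000),
    ("2017-04-10T14:30:00", "alice", "203.0.113.10",     800_000),
    ("2017-04-11T10:05:00", "alice", "10.0.0.5",       2_100_000),
    ("2017-04-11T16:40:00", "alice", "203.0.113.10",     950_000),
    ("2017-04-12T11:20:00", "alice", "203.0.113.10",   1_100_000),
    ("2017-04-13T09:50:00", "alice", "10.0.0.5",       1_800_000),
    ("2017-04-13T15:15:00", "alice", "203.0.113.10",     700_000),
    ("2017-04-14T13:00:00", "alice", "203.0.113.10",   1_000_000),
    ("2017-04-15T02:10:00", "alice", "198.51.100.77", 900_000_000),
    ("2017-04-10T09:00:00", "bob",   "203.0.113.10",     500_000),
    ("2017-04-11T09:30:00", "bob",   "203.0.113.10",     650_000),
    ("2017-04-12T10:00:00", "bob",   "203.0.113.10",     480_000),
    ("2017-04-13T11:45:00", "bob",   "203.0.113.10",     700_000),
    ("2017-04-14T09:15:00", "bob",   "203.0.113.10",     520_000),
    ("2017-04-15T10:30:00", "bob",   "203.0.113.10",     610_000),
]

INTERNAL_PREFIXES = ("10.", "192.168.")  # assumption: this address space is "inside"
WORK_HOURS = range(7, 20)                 # assumption: 07:00-19:59 is normal activity
VOLUME_MULTIPLIER = 5                     # assumption: >5x the user's median day is abnormal
MIN_BASELINE_DAYS = 3                     # don't judge volume until there is some history


def is_external(ip):
    """True if the destination lies outside the (assumed) internal address space."""
    return not ip.startswith(INTERNAL_PREFIXES)


def daily_external(flows):
    """Per-user, per-day byte totals for traffic leaving the internal network."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, user, dst, nbytes in flows:
        if is_external(dst):
            totals[user][ts[:10]] += nbytes
    return totals


def detect(flows):
    """Return (user, date, dst, reasons) for egress flows that break the user's own baseline.

    Rules: 'volume'    - the day's egress exceeds VOLUME_MULTIPLIER x the user's median prior day
           'new_dst'   - an external destination this user has never sent to before
           'off_hours' - the flow started outside WORK_HOURS
    """
    totals = daily_external(flows)
    seen = defaultdict(set)  # external destinations each user has already used
    alerts = []
    for ts, user, dst, nbytes in sorted(flows):  # chronological, so baselines only look backward
        if not is_external(dst):
            continue
        day = ts[:10]
        reasons = []
        prior = [b for d, b in totals[user].items() if d < day]
        if len(prior) >= MIN_BASELINE_DAYS and totals[user][day] > VOLUME_MULTIPLIER * median(prior):
            reasons.append("volume")
        if seen[user] and dst not in seen[user]:
            reasons.append("new_dst")
        if datetime.fromisoformat(ts).hour not in WORK_HOURS:
            reasons.append("off_hours")
        seen[user].add(dst)
        if reasons:
            alerts.append((user, day, dst, reasons))
    return alerts


if __name__ == "__main__":
    for user, day, dst, reasons in detect(FLOWS):
        print(f"{day} {user} -> {dst}: {', '.join(reasons)}")
```

Run as-is, the only alert is alice’s 2017-04-15 transfer, flagged on all three rules; bob’s steady traffic to the same SaaS host every day never trips anything. Each rule on its own is noisy (plenty of legitimate late nights and new destinations), which is exactly why the post’s point about context matters: the more of the user’s normal traffic the tool can see, the tighter the baseline and the fewer benign anomalies the pathologist has to look at.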

You always think it’s not going to be you. That you won’t get hacked. That bad stuff happens to other companies, other people. Sooner or later though, your turn may come. First, will you be able to recognize it when it does? And, perhaps more important, be able to react appropriately?


Originally posted on SecurityWeek.
