SHARE
Security / July 11, 2017

True Detective: See What Matters

Help Security Tools and Teams See What Matters

I recently watched The Day of the Jackal, a 1973 thriller about a plot to assassinate French President Charles de Gaulle. What started as a lark to see what Paris looked like in the early 70s turned into a fascinating glimpse into the technology of that era. As the investigators hurried to thwart the attack, they used what they had at their disposal: stacks of birth certificates, death certificates, passport applications and hotel registrations to first identify and then find the assassin. The amount of data was as overwhelming as their process was slow. 

Today, we operate at warp speed and with an even more overwhelming glut of data. Not only is it difficult to cull through, but nearly impossible to do so quickly and intelligently enough to prevent cyber threats. And yet, we still must find ways to be as smart as Inspector Claude Lebel (the best detective in France!) in detecting and mitigating them. 

Lebel did his homework, trusted his intuition, homed in on the threat and – spoiler alert – in the end, thwarted the bad guy. Even if it wasn’t before the bad guy could do any harm, it was before he was able to carry out his ultimate assassination objective. 

To Catch a Jackal

Just as the ruthless Jackal knew how to obtain a false passport, where to buy a custom-made rifle and how to hide in plain sight, today’s hackers know how to obtain false credentials, where to buy sophisticated malware and how to seduce via social engineering tactics. They, too, are ruthless. Only, unlike the solitary fictional assassin, today’s cyber Jackals are legion.

So what to do first? Act under the presumption that breaches will happen. That doesn’t mean ridding yourself of preventative tools – the familiar safeguards of firewalls, antivirus, good cyber hygiene – but it does require a mindset shift and use of innovative, new technologies that can speed the hunt for nefarious actors and advanced attacks. For example, real-time network visibility for situational awareness, machine learning to build context and uncover patterns, artificial intelligence to triangulate intent.

Security tools alone can’t be expected to sift through and inspect every data packet that traverses a network. In fact, when I think about the incredible volume of data flowing across enterprise networks, it’s no wonder security tools can become overwhelmed – whether by too many false positives or the computational burden of needless processing of low-risk data types like streaming media. I can almost hear them asking: “Like, alright already. Can you get to the point? Tell me something I care about? Give me something I can use? Show me what I need to see?”

It’s a cry for relevant data. And when speed is of the essence to combat advanced persistent threats, it’d be hard to argue that these tools couldn’t benefit from getting precisely the traffic they require at the right time to uncover anomalous or malicious network activity. 

I Scream, You Scream, Security Tools Scream

. . . for less noise. Whether tools were designed for prevention, detection, prediction, you name it, they all need relevant data to perform effectively and efficiently. Otherwise, they’re just wasting cycles on garbage, essentially. 

Finding patterns and uncovering clues within network noise requires both broad and granular visibility into plain-text and encrypted traffic and is essential for defense against advanced threats. So why not give your security tools the data they need – and only the data they need – so they can perform with greater accuracy and speed. Why not provide them the means to analyze suspicious packets contextually and in parallel by application, user and content type? And why not help yourself reduce risk, neutralize malicious activity and, even, begin to turn the tables on cybercrime. 

Like Lebel did, it’s about optimizing the tools and resources on hand and collaborating with partners – remember his strong partnership with Britain. Pinpoint and share with all of them the most relevant data possible and catch the relentless new Jackals of the cyber world.

Originally posted at SecurityWeek.


}
Back to top