Cybersecurity Is A Person Versus Person Battle
Security is about people vs. people. And each morning as we sift through the latest attack news (like the Planned Parenthood breach yesterday) it becomes more and more apparent that not only are people the problem, in several ways, but people are also the solution. The attackers come in various broad categories from insiders to hacktivists to organized crime and State-sponsored terrorists, but at the end of the day, it’s people that are directing the attacks on organizations and are therefore the problem. And it’s people that are the primary targets exploited in the attack, typically at the endpoint, where people access their connected business and personal worlds.
The endpoint (laptop, desktop, phone, tablet) is the device that people use throughout their day to get their jobs done. Think about how often you are attached to your endpoint(s); it’s a lot, right? Not only are these endpoints vulnerable (see the Stagefright Android vuln today for a prime example), the people at the endpoint are often the weak link in the chain that provides the opening for the attackers to exploit. All it takes is one person to open the wrong email, click to the wrong website or open the wrong file and it’s game on. Despite all the security awareness in the world, people will make mistakes. When talking about yesterday’s Planned Parenthood breach my colleague Mike Hamilton, who directs the product vision here at Ziften, offered a really interesting insight:
“Every organization will have people against it, and now those people have the means and mission to disrupt them or steal their data. Leveraging existing blind spots, cyber-criminals or even hacktivists have easy access through vulnerable endpoints and use them as a point of entry to conceal their activities, evade detection, exploit the network and victimize the targeted organization. It is now more important than ever for organizations to be able to see suspicious behavior beyond the network, and certainly beyond simply their web server.”
It makes sense that cybersecurity solutions should be purpose-built for the people that are defending our networks, and for monitoring the behaviors of the people as they use their endpoints. But traditionally this hasn’t been the case. In fact, the endpoint has been a virtual black box when it comes to having continuous visibility of user behaviors. This has led to a dearth of information about what is really happening on the endpoint – the most vulnerable component in the security stack. And cybersecurity solutions certainly don’t seem to have the people defending the network in mind when silos of disparate pieces of information flood the SIEM with so many false positive alerts that they can’t tell the real threats from the benign.
People powered security enables viewing, inspecting, and responding by analyzing endpoint user behavior. This needs to be done in a way that is painless and fast because there is a huge shortage of skills in organizations today. The best technology will enable a level one responder to deal with the majority of suspected threats by delivering simple and concise information to their fingertips.
My security guru colleague (yeah, I’m lucky that on one hallway I can talk to all these folks) Dr. Al Hartmann says “Human-Directed Attacks require Human Directed Response”. In a recent blog, he nailed this:
“Human intelligence is more flexible and creative than machine intelligence and will always eventually adapt and defeat an automated defense. This is the cyber-security version of the Turing test, where a machine defense is trying to rise to the intellectual level of a skilled human hacker. At least here in the 21st Century, machine learning and artificial intelligence are not up to the task of fully automating the cyber defense; the cyber attacker inevitably triumphs, while the victims lament and count their losses. Only in science fiction do thinking machines overpower humans and take over the planet. Don’t subscribe to the cyber fiction that some autonomous security software will outwit a human hacker foe and save your organization.”
People powered security empowers well-informed dynamic response by the people trying to thwart the attackers. With any other approach we are just kidding ourselves that we can keep up with attackers.