Being the Hunters and Not the Hunted by Matt McKinley

You have the greatest firewall money can buy, an IPS at every major intersection of the network, AV on the endpoints, DLP and a pitbull.  You feel secure.  The checklist is complete.  But something is still amiss.  2012 was a banner year for sophisticated attacks.  Even with the list complete, hackers are still remarkably successful.  How can this be?

An interesting article from a recent meeting of Nextgov Prime highlights the fact that if we build a better mousetrap, the mouse evolves.  Compounding the problem of increasing hacker sophistication is that we are also relying on old assumptions that make us think we're secure.  Remember that point-technology checklists can be misleading.  Each item on the list addresses a small part of the problem without piecing it all together, so the checklist as a whole never delivers the intelligence that no single point solution can (such as insight into overall network and host behavior).

Another interesting aspect of the article is the idea that we should simply assume that we have already been compromised and, operating on that assumption, shift gears to a mindset of security through behavior and visibility.  The article refers to this idea as "hunting" to "create a hostile environment for the adversary."  A successful hunt means being able to see the prey.  The more eyes we have looking for the prey, the more likely we are to spot it.  But how?

Lancope's StealthWatch System is the all-seeing eye on the network.  Using NetFlow generated by routers, switches, firewalls and other devices, StealthWatch pieces together a coherent, wide gaze over the network landscape.  NetFlow carries no packet payload, only who talked to whom, over which ports and protocols, when, and how much data moved, so the detections are behavioral: odd user behavior, data exfiltration, and the internal host behind outbound attack attempts, even when the target lies beyond the perimeter.  Leveraging technology partnerships with security giants such as Cisco, Lancope can offer the security, visibility and context to be the hunter and not the prey.
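To make the flow-based hunting idea concrete, here is an added example that is not Lancope's or StealthWatch's code: a small Python script that runs two behavioral detections over NetFlow-style records. The flow records, the internal address ranges, and the thresholds (a host sending ten times the population median outbound and ten times what it receives back; a host opening twenty or more tiny flows to distinct external host:port pairs) are all constructed and hypothetical, chosen to illustrate the exfiltration and internal-scanner cases the paragraph describes rather than tuned for a real network.

```python
"""Flow-based hunting over NetFlow-style records (constructed sample data, not real traffic).

Each record mirrors the fields a NetFlow v5 exporter provides: source and destination
address, ports, protocol, byte (dOctets) and packet counts. No payload is available, so
both detections below work purely on who talked to whom and how much moved:
  * exfiltration: an internal host sending far more outbound than its peers and far
    more than it receives back
  * outbound scanning: an internal host opening many tiny flows to many distinct
    external host:port pairs
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import median

# Hypothetical internal ranges; a real deployment would load these from its own inventory.
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int
    proto: int      # 6 = TCP, 17 = UDP
    octets: int     # NetFlow dOctets: bytes in this flow
    packets: int


def is_internal(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTERNAL)


def outbound_and_return_bytes(flows):
    """Per internal host: bytes sent to external destinations and bytes received from them."""
    out, back = defaultdict(int), defaultdict(int)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst):
            out[f.src] += f.octets
        elif is_internal(f.dst) and not is_internal(f.src):
            back[f.dst] += f.octets
    return out, back


def find_exfiltration(flows, ratio=10.0, min_bytes=50_000_000):
    """Hosts whose outbound volume dwarfs both the population median and their own inbound.

    Comparing against what the host receives back separates a bulk upload from ordinary
    browsing, where downloads normally outweigh uploads by a wide margin.
    """
    out, back = outbound_and_return_bytes(flows)
    if not out:
        return []
    baseline = median(out.values())
    return sorted(
        host for host, sent in out.items()
        if sent >= min_bytes
        and sent > ratio * baseline
        and sent > ratio * max(back.get(host, 0), 1)
    )


def find_scanners(flows, min_targets=20, max_bytes=200):
    """Internal hosts with many tiny flows to many distinct external host:port pairs."""
    targets = defaultdict(set)
    for f in flows:
        if is_internal(f.src) and not is_internal(f.dst) and f.octets <= max_bytes:
            targets[f.src].add((f.dst, f.dport))
    return sorted(host for host, t in targets.items() if len(t) >= min_targets)


def sample_flows():
    """Constructed records: four browsing workstations, one exfiltrating host, one scanner."""
    flows = []
    # Ordinary workstations: modest uploads, much larger downloads over HTTPS.
    browsing = {"10.0.1.10": (1_200_000, 30_000_000), "10.0.1.11": (2_500_000, 45_000_000),
                "10.0.1.12": (800_000, 12_000_000), "10.0.1.13": (3_100_000, 60_000_000)}
    for host, (up, down) in browsing.items():
        flows.append(Flow(host, "198.51.100.10", 51000, 443, 6, up, up // 500))
        flows.append(Flow("198.51.100.10", host, 443, 51000, 6, down, down // 1400))
    # One host pushing 200 MB to an external address with almost nothing coming back.
    flows.append(Flow("10.0.5.20", "203.0.113.9", 52222, 443, 6, 200_000_000, 140_000))
    flows.append(Flow("203.0.113.9", "10.0.5.20", 443, 52222, 6, 50_000, 400))
    # One host probing port 22 on forty external hosts with single-packet flows.
    for i in range(40):
        flows.append(Flow("10.0.7.77", f"203.0.113.{100 + i}", 40000 + i, 22, 6, 60, 1))
    return flows


if __name__ == "__main__":
    flows = sample_flows()
    print("possible exfiltration:", find_exfiltration(flows))   # ['10.0.5.20']
    print("outbound scanners:   ", find_scanners(flows))        # ['10.0.7.77']
```

Both detections need flows from every segment, not just the Internet edge: the scanner here is only caught because its single-packet flows were exported at all, and the exfiltration check depends on a population baseline drawn from peer hosts, which is the "more eyes" point in practice.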

