A well-lit network with no place to hide by Tim (TK) Keanini

This is my first blog post and I think an introduction is in order. My name is Tim Keanini and I go by TK. I am Lancope’s new Chief Technology Officer. Some of you may know me from my previous CTO position at nCircle, and some of you I have yet to meet. If you have been in IT Security for as long as I have, you have seen a lot of change. In particular, the bad guys are getting more clever and creative, so I joined Lancope to help fight the fight. It is my goal to ensure that the bad guys have no place to hide or persist on your networks.

When I was a young boy, my parents would always make sure the lights outside our home were on during the night, and this confused me. I thought that if the outside of the house was well lit, we were essentially helping the bad guys to see better and thus aiding them in their criminal activity. But in reality, having the outside of the house well lit meant that bad guys did not want to operate there because they would be easily detected. They could not evade detection – it was too well lit for all to see.

This is what I have come to believe is the value of a solution like Lancope’s StealthWatch System. Just like the folks in my neighborhood post signs in their front yard saying that the house is monitored by some name-brand security company, and the property is well lit at night for the neighborhood watch, such is the case with networks that have completely unsampled NetFlow being collected and analyzed by StealthWatch. While the threat may still be advanced, it cannot persist because there is just nowhere to hide!

The economics of cyber-attacks have changed over the years. Fifteen years ago, it was all about network penetration, but today the more advanced attackers are more concerned about being detected. Similarly, good bank robbers are concerned about breaking into the bank, but great bank robbers have mastered how to get out of the bank without any detection.

Network and security professionals now need to be asking themselves, how can I raise the cost to my adversary in terms of being detected? If they are easily detected on Organization A’s network versus hard to detect on Organization B’s, guess who they will go after? Of course, there is also the case where they really want you and no one else. On the one hand, congratulations for making it to the big leagues, on the other hand, you better step up your game!

When every router/switch/wireless access point and firewall are reporting unsampled flow records, and you are able to synthesize the data into actionable intelligence using a tool like StealthWatch, there is just nowhere for the adversary to hide. Once detected, they have to retool and try again; they have to go from automated to manual. Ultimately, you are making their cost of doing business more expensive, and that is the dominant defensive strategy required for today’s next generation of cybercrime and other advanced threats. Make it expensive for them to hide and you have a very real deterrent.

I look forward to sharing further insights as I become more entrenched in the Lancope ranks. I also welcome any feedback that you have for me. You can follow me on Twitter @tkeanini. In the meantime, stay safe and vigilant.

Follow Tim (TK) Keanini on .