Visualizing Threats

on Jan 25, 2017 in Insights

Preventing the breach through cybersecurity x-ray vision

This is the second tenet in our three-part series defining our perspective on cybersecurity. Read the first article on Redefining the Perimeter.

The technological advances we see every day are stunning. Sometimes they go beyond human capacity, so “enhancements” have to be added to make them usable for humans. Boeing provides a unique example that meshes military technology with Hollywood flair. The company created a laser that automatically shoots flying targets such as enemy drones out of the sky. It's an amazing piece of technology, except that operators had absolutely no idea when it fired, since the laser is both silent and invisible. Waiting for enemy objects to fall out of the sky or staring at a screen all day for alerts just didn’t seem reasonable, so the scientists resorted to a unique method to make the technology accessible to humans. They added sci-fi laser sound effects from Star Wars & Star Trek to alert the operator when the automated laser fires. It sounds like a funny concept, but it addresses a real issue. We humans use our senses to gather feedback, which allows us to stay aware of situations.

So Why is This Relevant to Cybersecurity?

Cybersecurity faces a very similar challenge. Cyberattacks, the resulting impact, and the associated defense methods are invisible and silent. Admittedly, there have been some novel approaches to visually depicting real-time cyberattacks, such as the live map from Norse (http://map.norsecorp.com). This is definitely a good start to helping the general public gain awareness about the intensity and frequency of attacks happening across the internet, with a little bit of added glitz. 

Visualizing the stream of cybersecurity activity, such as suspicious threats in and around your environment, is a basic building block for good IT security hygiene. It helps to answer what is actually happening. However, the amount of data noise that technology generates is truly unwieldy. Those who have tried to find the valuable signals within the tidal wave know this to be a daunting challenge. In addition, it assumes the existence of an intruder, and most of the value gained through this difficult task is decidedly Post-Incident. Although this attention is required, it presents a "one-handed clapping" scenario, since this valuable information isn't paired with equivalent Pre-Incident information that answers the important question of how the environment should have been secured in the first place.

Architecture + Activity = True Situational Awareness

The glaring conclusion we can draw from the regular stream of terrible data breach headlines is that we do not know enough about our technology environments to sufficiently protect them. So how can we gain the knowledge to battle the continuous technology threats we face with true situational awareness? It comes from understanding the complete blueprint for your IT landscape, the architecture, in addition to the activity. 

When done properly, IT security visualization should provide valuable information on the pathways, entries, and exit points that are designed to help the business but can also be leveraged by an attacker to accomplish their nefarious goals in the IT environment. We refer to this visualization as the Network Security Graph. By graph, we aren’t referring to bar and line charts. We mean graph structures that showcase connections through the use of nodes and edges. The nodes represent the individual technology components that we have to secure. The edges are the connections and relationships between those nodes. It’s a classic network diagram on steroids.

Now, imagine a network security graph that represents the complete IT environment, overlaid with continuously updating data on the critical configurations of each technology, their associated weaknesses, and vulnerabilities. Armed with this type of capability, we can then definitively prioritize our cybersecurity activities with x-ray level vision. We can then better seek to address credible threats based on business impact and probability, the key elements required to intelligently manage risks.
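The node-and-edge model with a weakness overlay, as an added sketch that is not Liongard's code or product logic: it finds the most likely path from an entry point to each component and ranks components by path probability times business impact. The component names, probabilities, impact scores and the scoring rule itself are all constructed assumptions.

```python
import heapq
import math

# Constructed sample graph; every name and number here is illustrative.
# Node overlay: (p, impact). p = assumed chance a reachable node is compromised.
NODES = {
    "internet": (1.0, 0), "vpn": (0.2, 3), "web-server": (0.6, 4),
    "file-share": (0.5, 6), "db-server": (0.3, 10),
}
# Directed edges: which component can open a connection to which.
EDGES = {
    "internet": ["vpn", "web-server"],
    "vpn": ["file-share", "db-server"],
    "web-server": ["db-server"],
}

def most_likely_paths(nodes, edges, entry):
    """Dijkstra over -log(p): for each reachable node, the path from `entry`
    with the highest product of per-node compromise probabilities."""
    cost, prev, heap = {entry: 0.0}, {}, [(0.0, entry)]
    while heap:
        c, u = heapq.heappop(heap)
        if c > cost[u]:
            continue  # stale queue entry
        for v in edges.get(u, []):
            p = nodes[v][0]
            if p <= 0:
                continue  # cannot be compromised, so no path through it
            if c - math.log(p) < cost.get(v, math.inf):
                cost[v], prev[v] = c - math.log(p), u
                heapq.heappush(heap, (cost[v], v))
    paths = {}
    for node in cost:
        hops = [node]
        while hops[-1] in prev:
            hops.append(prev[hops[-1]])
        paths[node] = (math.exp(-cost[node]), hops[::-1])
    return paths

def rank_by_risk(nodes, edges, entry="internet"):
    """Risk = probability of the most likely attack path x business impact."""
    rows = [(round(prob * nodes[n][1], 2), n, path)
            for n, (prob, path) in most_likely_paths(nodes, edges, entry).items()
            if n != entry]
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for risk, node, path in rank_by_risk(NODES, EDGES):
        print(f"{risk:5.2f}  {node:<11} via {' -> '.join(path)}")
```

In this sample the database ranks below the web server even though its impact is higher, because the likeliest route to it runs through the web server first; hardening that one node lowers both scores.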

The End Result 

With this approach, we would have a solution to distill the complexities of cybersecurity into an understandable visual that business executives and IT security staff could use to communicate and agree on. Critical decision-making on security spend can then proceed with greater confidence and rationale, rather than chasing the latest security fad or arbitrary root causes.

So does all this sound like a pipe dream? This vision is achievable by combining cybersecurity expertise with sound analytics. Liongard is working hard to create a solution that accomplishes just that!   
