Final-Connect-Image.jpg

You Don't Need to Break Your Toys Because They 'Don't Work'

Posted by Tom Bain   |   July 12, 2013

shutterstock 146311121 resized 600Sometimes you can equate certain situations to others, i.e., actions you may take in your professional life might mimic actions you took as a child. 

I read an article yesterday that reminded me of when I broke one of my many Star Wars components as a kid - in fact, it was the Death Star Space Station, because it wasn't working. (not sure I even knew what it was supposed to do) My parents told me not to just break stuff simply because it didn't work, especially when I didn't take the time to figure why it wasn't working. I just wanted the Empire to win for a while, while I waited for Return of the Jedi to come out. 

The article I'm referring to was in Computerworld, where the U.S. Department of Commerce's Economic Development Agency destroyed $170K worth of computing equipment, due to malware infections. In fact, they were slated to actually destroy $3M worth of equipment, but stopped short of that. 

What happened in a nutshell was a miscommunication between the EDA and DHS regarding the extent of malware infections based on notifications sent and received, ultimately sent incident reponse teams scrambling - at one point for 2 infected systems, and then at one point for 146 infected systems. 

Then $2.7M was spent on an effort that etended out for months and months, still without a pinpointed, specific analysis of the threat, which was thought to be nation-state attacks. But how could you start to take action based on presumptions if a) you don't know which systems are infected b) you're unsure as to what precisely the threat is c) you don't have any type of capture of that threat?

Sure forensics ultimately helps identify the paths taken, assets targeted, specific sets of data exfiltrated, etc., but incident respone teams, in order to respond quickly yet effectively, need to sift through information quickly to make the right call. 

This situation didn't really get a lot of pick-up, but I suspect there are many teams who could use a solution that gives them automated intelligence so they don't have to guess or analyze what a particular attack or set of attacks is doing from a behavioral standpoint, at the endpoint.

This underscores that the new battleground in security is the endpoint. In this instance, if the origin conditions were established and the EDS had a reliable, intelligent solution like ours at CounterTack, they'd certainly reduce the number of false positives and get more accurate data to weigh the response correectly.

It also speaks to doing your homework on solutions that are different, not the same as everything else - revolutionary even. Understand what your security model should look like, and maybe what it might look like 2-3 years from now.

In other words, don't just take it and break it because something is not working. There's always a better solution, you just have to think about what would help and find it as opposed to busting it up and starting from scratch.

  

Topics: cybersecurity, Tom Bain, malware infection, malware analysis, Scout, Sentinel, automated security intelligence, automated security, endpoint security, CounterTack

Subscribe to Email Updates

Posts by Topic

see all