Thursday, February 5, 2015

How we monitor for problems and detect issues before the attack...

Utilizing our cloud-based computing platform, we are able to see attack information as it happens, in real time. We are able to monitor Dark Net, Usenet and OSINT sources for relevant information concerning the activity of hackers and cyber criminals. We have been warning companies and advising them on what to look for, but they don't seem to take our warnings seriously. And months later we read about the issues in the news, once they finally figure out that we were right in the first place.

It has happened numerous times in the past and will happen in the future unless these entities take our alerts seriously. Companies are too busy looking at their perimeters to get an understanding of what is really taking place. All too often the information needed to indicate a problem is already available, because once a site is breached, other attacks are typically launched from that same infrastructure against other organizations. Using link analysis between companies and the attacks that are being reported is a smart way to connect the dots, folks. These technologies exist for a reason, and as systems evolve they get better and better at predictive analysis based on past activity.
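As an added illustration of the link-analysis idea described above (this is not code from the original post or from its authors), the following Python script indexes a handful of constructed attack reports by attacking source address, lists infrastructure that has been reused against more than one organization, and, given one organization known to be breached, returns the other organizations attacked from the same sources, which are the ones a defender would warn first. The organization names and the TEST-NET addresses are made up for the example.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Constructed sample reports (hypothetical organizations, RFC 5737 TEST-NET
# addresses). Each record is one hostile connection an attacked organization
# reported: who saw it, the source address, and the day it was observed.
REPORTS = [
    {"victim": "org-a", "src": "198.51.100.7", "day": "2015-01-03"},
    {"victim": "org-a", "src": "203.0.113.21", "day": "2015-01-04"},
    {"victim": "org-b", "src": "203.0.113.21", "day": "2015-01-09"},
    {"victim": "org-c", "src": "203.0.113.21", "day": "2015-01-15"},
    {"victim": "org-c", "src": "198.51.100.7", "day": "2015-01-16"},
    {"victim": "org-d", "src": "192.0.2.55", "day": "2015-01-20"},
]


def build_index(reports: Iterable[dict]) -> Dict[str, Set[str]]:
    """Map each attacking source address to the set of organizations it hit."""
    index: Dict[str, Set[str]] = defaultdict(set)
    for report in reports:
        index[report["src"]].add(report["victim"])
    return dict(index)


def shared_infrastructure(index: Dict[str, Set[str]],
                          min_victims: int = 2) -> Dict[str, List[str]]:
    """Sources seen attacking at least `min_victims` distinct organizations.

    Infrastructure reused across victims is the signal the post relies on:
    the same source showing up at several organizations suggests a common
    campaign rather than isolated noise.
    """
    return {src: sorted(victims)
            for src, victims in index.items()
            if len(victims) >= min_victims}


def linked_orgs(index: Dict[str, Set[str]],
                breached: str) -> Dict[str, List[str]]:
    """One hop of link analysis: organizations attacked from the same sources
    as a known-breached organization, with the sources that link them."""
    links: Dict[str, Set[str]] = defaultdict(set)
    for src, victims in index.items():
        if breached in victims:
            for other in victims - {breached}:
                links[other].add(src)
    return {org: sorted(srcs) for org, srcs in sorted(links.items())}


def warn_list(reports: Iterable[dict], breached: str) -> List[str]:
    """Organizations to warn about `breached`'s attackers, strongest link first
    (most shared sources, ties broken by name)."""
    links = linked_orgs(build_index(reports), breached)
    return sorted(links, key=lambda org: (-len(links[org]), org))


if __name__ == "__main__":
    idx = build_index(REPORTS)
    print("reused infrastructure:", shared_infrastructure(idx))
    print("linked to org-a:", linked_orgs(idx, "org-a"))
    print("warn, in order:", warn_list(REPORTS, "org-a"))
```

The index is the only data structure; every question is a pass over it, so the same approach scales to a real report feed by swapping `REPORTS` for a database query and adding the time dimension (the `day` field is kept in the records for that purpose but not used in the one-hop query shown here).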

We sincerely hope you start putting the pieces together, because the time from breach to actual notification is usually around 12 months. Anthem caught the problem in just 4 months, which means they are better than average at detecting the problem, but not at stopping it.

If any of these companies took their security seriously they would consider utilizing big data to highlight problems before they are nightmares for the companies involved.

Quite honestly, our team of volunteers is extremely good at detecting issues, but we simply do not have the resources to do our analysis on a large scale. If we had the funding and additional resources we could certainly assist with these investigations. As of now, we will continue to do large-scale data analysis and warn the companies that we note as having problems, in the hope that at some point a company will notice that we are way ahead of the "average" and help us get to a place where we can really be effective: assisting law enforcement in containing these issues and actually finding the entities responsible for these data breaches. Until that happens we will continue to research, blog and watch from the sidelines.

If the Government were to really fund cyber security initiatives and get private industry to bring technologies that work to market, we could be a much bigger help in these cases, but until that happens we will sit back and watch.

It's a shame really.

So here's what we suggest to help prevent these large breaches in the future. Stop withholding data when it comes to cyber security. Provide a clearinghouse where we can report issues and put the indicators of compromise that we have developed to use. I'm sorry, but 95% of the technologies in use are reactive. You need analytics that can find trends and identify suspicious activity across the entire Internet-connected infrastructure.

Until we have a view of the entire Internet we are confined to our own little LAN-connected world, and chances are somebody has already infiltrated your infrastructure. If you want to wait 12 months while they steal your data, be my guest, or hire us to come in and get rid of the badness and save yourselves some major embarrassment.

Later this week we will, for the first time ever, compile a list of all of the organizations that we are more than 80% confident have issues that need to be addressed. Our system reports on real-world attacks, and because we report on these attacks we are a major target. One good thing about being a target is that it forces attackers to reveal the infrastructure they are using to attack us (and many others). Using this data we can quite quickly build out a clear picture of bad activity being directed at us and at others.

Have a great week and we look forward to working with the ones that value their security posture.
