
Update IV | Call of Duty – Modern Cyber Warfare

May 18, 2011

As I prepared to post a final installment in our Call of Duty series of posts (cautioning against the return to service of Sony’s PlayStation and Online Entertainment networks, on the basis that it remains unclear whether the company fully understands how its networks were breached), two new stories broke. The reality is that Sony HAD to get the networks back online as soon as possible: it had subscribers to its own networks as well as a number of third-party applications/services to placate, and there is no such thing as absolute network security.

The latest reports suggest we were correct in our original analysis. The fact that the password-reset page appears to have been attacked (it has subsequently been taken down) suggests that there remained a real risk of further damage. Of course, every security professional knows that, as Sony’s chief, Howard Stringer, admitted, no organization can honestly claim its network is 100% secure; but there are risks and then there are RISKS. APTs like the Sony attack demonstrate that the ‘bad guys’ will stop at nothing to cause commercial and reputational damage, and until there is enough intelligence to understand the risks, it doesn’t make sense to put services back live.

The only real protection against an advanced persistent threat is early detection. Identifying the vector of an attack, the target and the modus operandi of the virus or worm, for example, enables security analysts to understand the risk to their infrastructure and to the data that belongs to both their organization and their customers, to take proactive steps to limit the scope of the attack and protect mission-critical systems and data, and to issue appropriate warnings. It also makes the likelihood of ongoing problems much easier to assess.

Achieving this requires:

▪ Continuous monitoring of ALL security data – events alone aren’t enough to get the job done

▪ The ability to correlate every piece of security data on a network, regardless of its location or format, in real time

▪ The intelligence to take immediate action, often while an attack is still occurring, to limit the damage done

Sony’s Stringer describes the new cyber security landscape as the ‘bad new world’ that both commercial organizations and federal agencies face.  You certainly can’t fault his honesty.

We, and an increasing number of information security professionals around the world, are saying the best weapon for protecting large distributed networks from advanced persistent threats [APTs] is called Unified Situational Awareness.

Why not put it in your security armory?
