A Tale of Two Breaches: Part III

June 7, 2011

As we’ve always said, data breaches will happen. What separates an organization that successfully defends against an attack, or at least minimizes the damage, from one that suffers significant damage to its revenue, reputation and possibly even its viability is how quickly and effectively it can respond. Nobody should be looking sternly at Sony because they experienced a data breach (although they do get a dirty look for having sensitive unencrypted data on their network, but that’s a story for another thread). Instead, we should look at how they were unable to respond like Lockheed.

In both organizations, detecting an attack and/or breach requires visibility into what’s going on, as close to real time as possible. Clearly, Lockheed had the necessary visibility and timeliness of data to detect their breach. Although we don’t know the forensic details of their successful remediation of an attack, it’s likely that it involved automated, real-time collection of a broad range of security data and metrics (events, network traffic, system changes, performance metrics, and other data), automated correlation of that data, and both automated and human-based analysis of all of it. Does that sound like a familiar mantra? It should… it’s a real-world example of situational awareness.

To be clear, situational awareness is a capability, not a technology; in the interest of full disclosure, Lockheed Martin is not an eIQnetworks customer. However, they clearly “get” the concept, and had the necessary people, processes and technologies in place to detect this kind of attack. If we could get everyone else to take a page out of their playbook, the likelihood of, and by extension the risk from, advanced persistent threats would be considerably lower than it is today, and more organizations would be able to say, “we successfully defended against an attack”, rather than, “we lost a lot of our customers’ data.”
