You need to know

I spend my days trying to share knowledge and insight around the subject of detection. Most of the world’s efforts in cyber security is about prevention, but if you have been breached, then you want to know it, and ASAP. So detect and notify.

When it comes to cyber security there is no silver bullet. It is like looking after your personal health. There is no once off treatment that will make sure you stay in good shape forever. Even if we do everything right, there is still no guarantee that something will surprise us, when we least expect it.

I am currently considering taking one of those Scan For Life procedures, just to check that all is ok. I would rather detect early on that something is wrong, then one day get caught off guard, and be in real trouble.

Detection technology is there as a proactive measure, to tell us if our other defenses have been compromised or bypassed.

Hacking is on the rise, and this problem is not ever going to stop. Like taking care of your body, and your health, it requires constant work to stay in good shape. With detection measures in places, we can try and figure out early on that there are cracks in our armor, and this will allow us to try save the day.

A smoke detector is a good example of a proactive measure that we are all familiar with. Just look up at the ceiling in your office, and the chances are you will see a smoke detector. If one of these detectors triggers an alarm, it means we can save people’s lives, our work, and the building. Smoke detectors sit there quietly, but if they ever do make a noise, then it means we need to act.

The space that I am active in is called “Deception Technology”. There are many different products in this domain, and they all aim to detect if your network has been breached. If there is a threat you need to know about it right away.

It is a simple idea, and it has a very important function. The problem it is addressing is fundamental: is there unsanctioned movement on your network? Are there intruders moving laterally on your infrastructure, looking for your assets? If so, you want an alert (an indication of something suspicious). You need to know.

It seems like a no brainer. Who would you say no. Especially when you consider the price of some of these technologies – they are generally affordable and simple to deploy. But, one of the big pushbacks I have heard enough times is this, “We are not ready. We won’t know what to do if we get an alert.”

I explain to people, every day, that in most cases, you will able to disconnect that computer or network segment, and breathe easier. If you are alerted to an intrusion then most of the time, the remedy is simple. Of course, if you discover that the rabbit hole is deep, then it may require some forensic investigation. The point is, if your health was threatened, in some way, you want to know about it. If you go for a scan or a blood test, and you get a warning, then at least you know. Sure, you may not know what to when receiving that news, but like the smoke detector going off, you know you need to do something. In this case, call the fire department.

What I can’t seem to understand is how people often push this aside and say “We will wait, we are not ready to deal with this.” But, again, surely you want to know right away. Find out and then you can deal with it. In the worst case, call me – I will find someone who can try and help you. But to not know seems like a strange outcome to accept and rationalize.

If your IT infrastructure or your physical health is compromised, you want to know. I can’t understand how people would not want to know. Not knowing would just would be irresponsible, in my view.

Here is another example that anyone who drives a car should relate to. If you go to fill up your car at the petrol station and someone points out that your tires look smooth and may need to be changed, then yes, you may not change then right away, but at least you now know, and you can drive a bit slower and be more careful on the road. And yes, if your tires are smooth you should change them. But to not know, or not want to know, is dangerous.