What is Analytical Pivoting™?

morphick

I have always liked a good heist movie. Ocean’s Eleven, The Italian Job, The Great Train Robbery: there are a ton of good examples. What always strikes me in these movies is not just the great lengths the criminals go to in order to pull off their heist, but that while the heist is going on, the people protecting whatever it is are completely unaware they are being robbed until it is too late. That strikes me because it is also very true in the cyber security world. Just like the security guards protecting Terry Benedict’s vault in Ocean’s Eleven, a lot of IT security organizations don’t know they have been compromised until it is too late. With so much focus on security and so many new technologies on the market, how does this trend continue?

From my experience as a cyber security leader as well as a provider of cyber security technology, I think there are a couple of reasons for this trend. The first reason is that security teams often detect attacks, but do not realize the full extent of what they have detected. For example, security teams regularly find pieces of malware. Most of the time, they clean up the malware, put another tick in the “win” column, and move on. Malware detected. Malware removed. Job well done. Unfortunately, many times that one piece of malware is not the entire story; it is the tip of the iceberg.

Having the visibility and detection capability to identify malware is step one. Being able to learn everything you can from that malware and use it to identify other malware or other elements of an attack is step two. Most technologies on the market do not address step two. This is where the Analytical Pivoting™ built into the Morphick Defense Platform comes into play.

Analytical Pivoting™ enables defenders to learn all they can from what they just detected. Analytical Pivoting™ allows security teams to pull threads and very quickly determine whether the incident they just detected is an isolated incident or part of a broader campaign. This is not a new idea. Many analysts already do this. If they find an email with a malicious URL, they check their internet logs to see if anyone has communicated with the URL. They may also check browser histories to see if any endpoints have visited the site while not on the corporate network. The challenge is that this kind of analysis not only relies on having extensive logs, but it also takes a considerable amount of analyst time.

Even the best analysts are often hindered in how deeply they can investigate every alert simply because it takes so much time. The Morphick Defense Platform not only provides the data needed for this kind of analysis, but also puts it at the analysts’ fingertips. In seconds, an analyst can tell if a URL was ever seen in an email, on the network, or on an endpoint. Morphick does the same for files as well. Did you find a new piece of malware in your environment? Wouldn’t it be nice to quickly find every machine in your environment that has that file? Wouldn’t it be even better to be able to tell if that file ever traversed your network or if it came in as an email attachment? 

This kind of analysis, having the ability to take one data element and pivot on it to see everything associated with that data element, helps analysts not just identify attacks, but quickly determine the full extent of the attack. A new piece of malware is found in the environment. Identify where else that malware exists in the environment…scope the attack. Identify how the malware entered the environment…root cause. Often we find that investigations start with one new piece of malware which leads us to a previously unknown malicious website which leads us to other previously unknown malware which then leads to other things. Analytical Pivoting™ allows the analyst to follow every thread to its end.
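The workflow described in the last two paragraphs (seed an investigation with one observable, find every email, proxy and endpoint record that mentions it, then pivot again on every new observable those records expose) is, at its core, a transitive search over shared indicators. The following is an added example written for this post, not Morphick's code and not a description of how the Morphick Defense Platform is implemented. The telemetry, hostnames, hashes and URLs are all constructed placeholders; the `Event` record shape and the three source names are assumptions.

```python
"""Indicator pivoting over constructed email, proxy and endpoint telemetry.

Added example, not Morphick's code. Seed an investigation with one observable
(a file hash or a URL) and transitively follow every record that shares an
observable with it, the way the post describes an analyst pulling threads
until each one reaches its end.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    source: str             # "email", "proxy" or "endpoint" (assumed source names)
    host: str               # machine or mailbox the record belongs to
    observables: frozenset  # file hashes / URLs seen in this record
    detail: str = ""        # free-text note, only for the analyst's benefit


# Constructed sample telemetry; hashes and domains are placeholders, not real IoCs.
EVENTS = [
    Event("email", "mailbox:alice", frozenset({"sha256:AAA111"}), "attachment invoice.doc"),
    Event("endpoint", "host:alice-pc", frozenset({"sha256:AAA111", "http://bad.example/stage"}),
          "invoice.doc spawned powershell"),
    Event("proxy", "host:alice-pc", frozenset({"http://bad.example/stage"}), "GET /stage"),
    Event("proxy", "host:bob-pc", frozenset({"http://bad.example/stage", "sha256:BBB222"}),
          "GET /stage, download"),
    Event("endpoint", "host:bob-pc", frozenset({"sha256:BBB222"}), "second stage dropped"),
    Event("endpoint", "host:carol-pc", frozenset({"sha256:BBB222"}), "second stage dropped"),
    Event("proxy", "host:dave-pc", frozenset({"http://news.example/"}), "unrelated browsing"),
]


def build_index(events):
    """Map each observable to the list of events that mention it."""
    index = {}
    for ev in events:
        for obs in ev.observables:
            index.setdefault(obs, []).append(ev)
    return index


def pivot(seed, events, max_depth=10):
    """Breadth-first pivot from one seed observable across shared observables.

    Returns the observables reached (with the pivot depth at which each was
    first seen), the affected hosts, and the events that tie them together.
    max_depth bounds how many hops the analyst is willing to follow.
    """
    index = build_index(events)
    depth = {seed: 0}
    queue = deque([seed])
    seen = set()
    ordered_events = []
    while queue:
        obs = queue.popleft()
        if depth[obs] >= max_depth:
            continue
        for ev in index.get(obs, []):
            if ev in seen:
                continue
            seen.add(ev)
            ordered_events.append(ev)
            # Every other observable in this record becomes a new pivot point.
            for nxt in ev.observables:
                if nxt not in depth:
                    depth[nxt] = depth[obs] + 1
                    queue.append(nxt)
    hosts = sorted({ev.host for ev in ordered_events})
    return {"observables": depth, "hosts": hosts, "events": ordered_events}


def entry_vector(result):
    """Email records among the pivoted events are the likeliest initial-access path."""
    return [ev for ev in result["events"] if ev.source == "email"]


if __name__ == "__main__":
    # Scenario from the post: a new file hash turns up on one endpoint.
    scope = pivot("sha256:BBB222", EVENTS)
    print("hosts in scope:", scope["hosts"])
    for obs, d in sorted(scope["observables"].items(), key=lambda kv: kv[1]):
        print(f"  depth {d}: {obs}")
    for ev in entry_vector(scope):
        print("root cause candidate:", ev.host, ev.detail)
```

Starting from the second-stage hash found on `carol-pc`, the pivot reaches the staging URL at depth 1 and the original attachment hash at depth 2, which scopes the incident to three hosts plus the mailbox that received the lure, while `dave-pc`, which shares no observable with the chain, stays out of scope. The `max_depth` bound is the practical caveat: pivoting on a very common observable (a shared CDN URL, a legitimate installer hash) can pull in the whole estate, so an analyst normally inspects each new observable before letting the search hop through it.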

With the Analytical Pivoting™ built into the Morphick Defense Platform, analysts no longer need to wish that they had the time to investigate every alert to its fullest; they can make in-depth analysis part of their standard operating procedures. Find the attacks…learn from the attacks…Win Every Attack.