“If you know the enemy and know yourself you need not fear the results of a hundred battles.” – Sun Tzu, The Art of War
Widely acknowledged as a master of military strategy, Sun Tzu knew that victory comes down to understanding your enemies and yourself. So how do you go about this? The trend among security professionals has been to buy a new box to address a new threat or attack vector. Relying on a machine or a rule for protection can work well up to a point, but as threats evolve and evade defenses, you’re no longer protected. Blind protection doesn’t help you understand the who, what, when, where, and why of the battle.
To prepare for attacks today, you must assume you will be compromised. Given this reality, what’s your main asset to protect your organization and reduce risk? Visibility. That’s what will help you understand the adversary and the battlefield, so you can more quickly and effectively protect your organization. Let’s look at some of the ways global and local visibility can help you block more threats, accelerate detection, mitigate impact, and remediate faster.
Global visibility: Global visibility comes from a variety of sources such as millions of daily web requests, email messages, and malware samples from a community of users. More broadly, internet-wide scanning, decoy systems and other traps, as well as data from trusted sources and open source communities provide additional intelligence about adversaries and emerging threats to help prevent and mitigate risk. For example, we can see through analysis of this data that more adversaries now specifically seek to infiltrate organizations through susceptible browsers, plugins, and middleware. Visibility into these vulnerabilities can help you make sure browsers are secure, disable or remove unnecessary browser plugins, and prioritize middleware library updates and patches to help prevent malware infections in the first place. Attackers are also using internet infrastructure to launch attacks. Global visibility provides a complete view of bad domains and IPs where attackers are staging infrastructure to execute campaigns.
Local visibility: Telemetry from the endpoint to the network to the cloud lets you see what’s happening across your environment – the battlefield if you will. Visibility into your network is like having a map that’s always up to date with all the users, hosts, applications, files, mobile devices, virtual environments, threats, and vulnerabilities that exist in your constantly changing network. Continuously monitoring endpoints – watching, analyzing, and recording file activity – lets you know when a file with an unknown or previously deemed “good” disposition starts behaving badly. The trajectory of a file reveals where the malware originated, what systems were affected, and what the malware is doing. Visibility into traffic across the network can alert you to command and control communications. And tracking activity in cloud environments can surface sudden changes in employee login behavior or data transmission that could indicate malicious activity.
Situational awareness: When you see more, you can protect more. Combining visibility with your knowledge of the business, you gain context that is critical as your business model shifts and the threat landscape evolves. Then, by applying machine learning, artificial intelligence, and advanced analytics you can achieve greater situational awareness than your opponent, and that ultimately leads to your success. You can discover malicious activity and threats hidden on your extended network before damage is done, and can anticipate emerging threats that may target your organization and block them faster.
For centuries, defenders have had one constant, overarching need – visibility. Today that translates into a security architecture that can integrate multiple best-in-class platforms and provide visibility across your infrastructure and out to the internet. Visibility will allow you to know your enemy and yourself. It drives situational awareness in a rapidly changing environment. And it enables you to master the art of war – making better decisions that will strengthen defenses and mitigate risk.