The phrase from GI Joe, ‘Knowing is half the battle’, rings true in so many ways as we read about B2B and B2C companies being hacked. This picture depicts well how things get a lot worse before they get better when a targeted attack like this happens. Only after the breach is detected can the uphill battle begin: determining the exit points in the network and plugging the holes.
This is evident from incidents like the ones that hit Target, Home Depot, and others over the last several months and years.
But in the real world, most security teams don’t have time to read through thousands of lines of log messages. One of the common problems with many security-alerting devices is that they generate such large volumes of data that they cause information overload. It’s unfair to expect security teams to perform the almost-impossible task of digesting the cryptic signals these systems provide, analyzing their impact, and taking corrective measures to fix the problems.
That is why enterprises should revisit their defenses, not just in the context of having technology to detect threats, but also in having ways to simplify the processing of threat data and to support processes that empower people to take action. In the case of Target, the flagged security alerts were dropped at some point in the process and never acted upon, which is more of a process issue than a technology issue.
So consider this: What if you had a way to identify all the devices connected to your network—even the coffee maker—and could determine where they are connecting on the Internet? What could you do with that information? You could more quickly identify threats, for one thing.
This is one of the main advantages of the Infoblox Grid™ with its centralized database containing all device information, including operating systems and hostnames. It can be leveraged to:
1. Prevent unauthorized access to the Internet (An Infoblox customer had to find an XP-based ultrasound machine that had been compromised and was reaching out to a command-and-control server on the Internet.)
2. Quickly identify and isolate impacted devices (Security appliances may identify a problem in part of the network, but Infoblox DNS Firewall applies that information to all the network traffic to find additional infected devices.)
3. Take corrective measures and remediate (If a particular operating system is hosting malware, it is much easier to create a policy to isolate devices running that operating system by automatically blocking their network access.)
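The three uses listed above share one mechanism: join the DNS queries every client makes against a list of known-bad domains, then enrich each hit with the device record (hostname, operating system) so the scope of the infection and the candidate isolation policy fall out of the data. The script below is an added illustration of that workflow; it is not Infoblox code and does not use the Grid or DNS Firewall APIs. The inventory, the blocked domains (`.invalid` placeholders), the BIND-style query log lines and the IP addresses are all constructed for the example.

```python
"""Correlate DNS query logs with a device inventory to find every client
that resolved a blocked (RPZ-style) domain, then derive which operating
systems an isolation policy would need to cover.

Everything below is constructed sample data: the hostnames, IPs, domain
names and log format are placeholders, not real indicators or a vendor's
own format.
"""
import re
from collections import defaultdict

# Constructed device inventory: what a central IPAM/DHCP database knows
# about each client (hostname plus operating-system fingerprint).
INVENTORY = {
    "10.0.1.10": {"hostname": "us-ultrasound-01", "os": "Windows XP"},
    "10.0.1.11": {"hostname": "us-ultrasound-02", "os": "Windows XP"},
    "10.0.2.20": {"hostname": "fin-laptop-07", "os": "Windows 10"},
    "10.0.3.30": {"hostname": "breakroom-coffee", "os": "Embedded Linux"},
}

# Constructed RPZ-style blocklist (placeholder names under .invalid).
BLOCKED_DOMAINS = {"c2-example.invalid", "malware-drop.invalid"}

# Constructed DNS query log in a BIND-like querylog layout.
DNS_LOG = """\
12-Jan-2015 10:01:02.123 client 10.0.1.10#51234: query: c2-example.invalid IN A + (10.0.0.53)
12-Jan-2015 10:01:03.456 client 10.0.2.20#40001: query: www.example.com IN A + (10.0.0.53)
12-Jan-2015 10:01:04.789 client 10.0.1.11#51235: query: update.c2-example.invalid IN A + (10.0.0.53)
12-Jan-2015 10:01:05.000 client 10.0.3.30#33333: query: malware-drop.invalid IN AAAA + (10.0.0.53)
12-Jan-2015 10:01:06.000 client 10.0.2.20#40002: query: mail.example.com IN MX + (10.0.0.53)
"""

LOG_RE = re.compile(
    r"client (?P<ip>\d+\.\d+\.\d+\.\d+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def is_blocked(qname, blocked=BLOCKED_DOMAINS):
    """RPZ-style match: the name itself or any parent domain is on the list."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def parse_log(text):
    """Yield (client_ip, qname, qtype) for each parseable query line."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("ip"), m.group("qname"), m.group("qtype")


def find_impacted_devices(log_text, inventory=INVENTORY, blocked=BLOCKED_DOMAINS):
    """Return {ip: {hostname, os, domains}} for every client that queried a
    blocked domain. Clients missing from the inventory are still reported,
    tagged 'unknown', since an unregistered device is itself a finding."""
    hits = defaultdict(set)
    for ip, qname, _qtype in parse_log(log_text):
        if is_blocked(qname, blocked):
            hits[ip].add(qname.rstrip(".").lower())
    report = {}
    for ip, domains in hits.items():
        info = inventory.get(ip, {"hostname": "unknown", "os": "unknown"})
        report[ip] = {"hostname": info["hostname"], "os": info["os"],
                      "domains": sorted(domains)}
    return report


def os_isolation_candidates(report, inventory=INVENTORY, min_hits=2):
    """If one operating system accounts for at least min_hits impacted
    devices, return every inventory IP running it: the set an OS-based
    blocking policy would cover, including devices not yet seen querying."""
    by_os = defaultdict(list)
    for ip, entry in report.items():
        by_os[entry["os"]].append(ip)
    return {
        os_name: sorted(ip for ip, d in inventory.items() if d["os"] == os_name)
        for os_name, ips in by_os.items()
        if len(ips) >= min_hits
    }


if __name__ == "__main__":
    impacted = find_impacted_devices(DNS_LOG)
    for ip, entry in sorted(impacted.items()):
        print(f"{ip} {entry['hostname']} ({entry['os']}): {', '.join(entry['domains'])}")
    for os_name, ips in os_isolation_candidates(impacted).items():
        print(f"policy candidate: isolate {os_name} devices -> {ips}")
```

The parent-domain walk in `is_blocked` matters: a host that resolves `update.c2-example.invalid` is caught by the `c2-example.invalid` entry rather than slipping past an exact-match lookup. Note that `os_isolation_candidates` deliberately returns the second ultrasound machine's peers from the inventory, not just the clients already seen in the log, which is the point of applying one appliance's finding to the whole network.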
Hopefully, incidents like this attack and so many others will change the approach to security—from throwing money at expensive appliances to addressing the root causes of the age-old people-and-process element.