Strengthening visibility in cyber defence

By Tanium

Alvin Tan, Regional Vice President, Tanium, shares how we can gain real-time visibility into IT tools and services.

“There are things we don’t know we don’t know.” Donald Rumsfeld, former United States Secretary of Defense, coined this phrase in response to the new age of unpredictability global terrorism represented. He explained that unknown unknowns were risks beyond expectation that would not even be considered.

In the cyber world, threat detection is a time-sensitive issue. However, dangers tend to lie hidden and mitigating vulnerabilities is easier said than done. Governments around the world struggle with identifying breaches, let alone resolving them quickly enough.

Alvin Tan, Regional Vice President at Tanium, shares how governments can increase visibility in an oftentimes murky minefield.

Rethink what you know

First, organisations need to know the exact specifications of hardware and software they are using.

Organisations know which companies they work with, but tend only to skim the surface of which software those third-party firms are using. A deep dive into the details is necessary because “you can’t protect what you don’t know”, says Tan.

How many applications does the software support and how often are they used? Where are the applications used? Agencies should ask these important questions so they can react in time when problems surface, Tan adds.

A recent threat that has emerged involves Log4j, a widely used logging library that records what goes on inside an application. Log4Shell is a vulnerability that lets attackers remotely gain access to all data on a server that uses Log4j. This allows unauthorised personnel to steal information and disrupt operations on the affected machine.

Log4Shell poses major risks because companies will not know whether they are exposed unless they are actively combing through their devices. It has been dubbed one of the most serious vulnerabilities on the internet in recent years.

If ministries were able to pinpoint exactly where the vulnerable Log4j code sits in their software, they would be able to take measures to prevent, detect, and fix vulnerabilities. Unfortunately, many are still in the dark about whether their software is affected by Log4Shell. This has to change, Tan notes.

Real-time visibility

A service that can communicate with every device on a connected network in real-time would enable agencies to spot irregularities before it is too late.

It is essential to know what is happening in our hardware and software environment at all times, Tan highlights. An unresponsive device means that data somewhere is getting lost in translation. This calls for immediate investigation as it could imply that hackers have already infiltrated the software.

Tan likens the relentless scan and search process to a neighbourhood watch: “If the house next door is empty, it is only natural that we will wonder where its occupants are and check the situation out.” Similarly, constantly keeping a close eye on all devices helps governments identify vulnerable instances quickly.

Tanium has developed a tool that conducts a systematic search of every folder, file, and its contents. This means that a Log4j vulnerability will have nowhere to hide, exposing any potential sign of exploitation.
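The folder-and-file search described above, as an added illustration that is not Tanium's tool or code: a small Python scanner that walks a directory tree, opens every JAR/WAR/EAR archive (they are ZIP files), flags archives that contain the Log4j 2 `JndiLookup` class at the heart of Log4Shell, reads the bundled log4j-core version from its Maven `pom.properties`, and looks one level into nested archives so copies bundled inside application jars are not missed. The class and properties paths are the standard Log4j 2 / Maven layout; the root directory is whatever the operator passes in.

```python
# Added example (not Tanium's tooling): a minimal stand-in for the file-content search
# the article describes. It walks a directory, opens every .jar/.war/.ear (ZIP archives),
# flags those containing the JndiLookup class that Log4Shell abuses, reads the bundled
# log4j-core version, and looks one level into nested archives.
import io
import os
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")

def version_from_pom(zf):
    # log4j-core ships a Maven pom.properties with a "version=" line; None if absent.
    if POM_PROPS not in zf.namelist():
        return None
    for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
        if line.startswith("version="):
            return line.split("=", 1)[1].strip()
    return None

def inspect_archive(zf, label, findings, depth=0):
    # Record (label, version) when JndiLookup is present, then recurse one level
    # into nested archives (fat jars, WARs with WEB-INF/lib) so bundled copies show up.
    names = zf.namelist()
    if JNDI_CLASS in names:
        findings.append((label, version_from_pom(zf)))
    if depth >= 1:
        return
    for name in names:
        if name.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue  # not a real archive: skip it rather than abort the scan
            inspect_archive(inner, label + "!" + name, findings, depth + 1)

def scan_tree(root):
    # Return [(path, version)] for every archive under root that contains JndiLookup.
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_EXT):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    inspect_archive(zf, path, findings)
            except (zipfile.BadZipFile, OSError):
                continue  # unreadable or not a ZIP: skip, keep scanning
    return findings
```

Each flagged path and version should then be compared against the Apache Log4j security advisories to decide whether that copy still needs patching; presence alone is the inventory signal, not the verdict.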

Fast and furious

On top of the attention to detail that goes into hunting for vulnerabilities, speed is also crucial in mounting an effective cyber defence. To defeat the most agile attackers, organisations must respond even faster.

The U.S. Air Force successfully defended against the WannaCry ransomware attack in 43 minutes with the help of Tanium. Responding swiftly is how we can reduce the likelihood of damage, Tan emphasises.

He has also worked with IT agencies to address vulnerabilities within short periods through patching, the process of applying vendor fixes that close security holes in software.

The company in question had over 10,000 missing patches before the intervention, leaving the software susceptible to attacks. Within just three days, the number of missing patches dropped to a little over a thousand.

Organisations need to stay ahead of ever-growing cyber vulnerabilities. But before they can decide what measures to adopt, they ought to understand that one cannot fix what they cannot see. The first rule is to let the unknowns become known.