Why speed is most crucial in cyber defense

By Tanium

How governments can move fast to tackle rising cyber threats.

The WannaCry ransomware attacks ravaged computer systems across more than 150 countries, but some organisations managed to stand tall amidst the terror. One of these, the US Air Force, had installed a new cybersecurity scanning tool less than a month before.

When the ransomware first emerged, Air Force IT teams used the tool to scan the Air Force’s entire network and automatically plug security gaps. Thanks to the new software, the whole process took only 41 minutes instead of the usual days or weeks. The speed of this process was a key factor in the Air Force’s successful defense.

Indeed, speed is essential when it comes to cybersecurity. Alvin Tan, Regional Vice President of Tanium, the cybersecurity firm behind this software, shares how organisations can build up momentum to achieve instantaneous cyber visibility.

Cyber risks today

Cybercriminals have grown more sophisticated in the last ten years. In the past, attacks were designed based only on the type of equipment a company uses. Today, cybercriminals study potential victims’ weaknesses carefully and carry out much more targeted attacks, says Tan.

Hackers would look for weak links in the organisation and target them with social engineering techniques. For instance, they might send a crafted email to the HR or finance team, instead of the more-alert IT team, to lure them into clicking on a malicious link.

The cloud also makes security trickier. An organisation’s network perimeter dissolves in the cloud, and it’s not possible to focus security controls in just one place. Cloud providers can protect the applications and data on their platform to some extent, but organisations still need to remain vigilant.

“When we see breaches in the cloud, it’s usually because the end user did not take care of their cyber hygiene,” Tan explains. One major financial institution in the US fell victim to a cloud breach because it misconfigured a firewall, he notes.

Remote working presents another risk to a company’s cybersecurity. Companies need to have complete visibility across their ecosystem and all their endpoints, which can be difficult when they are scattered across the country, Tan says.

Four steps to good cybersecurity

What can security teams do to secure their networks in the face of rising cyber threats? There are four key parts to an organisation’s cybersecurity strategy, Tan says.

The first is visibility. Organisations need to know what assets they have in their environment, the security controls imposed on these assets and whether they’re in good shape.

The second is cyber hygiene. Find and remediate vulnerabilities fast, and always patch software across all devices, whenever new patches are released, no matter where they are located. All employee devices should be properly configured to lower the risks of an intrusion.

The next step is ensuring good detection methods, so security teams know where to direct their efforts.

Lastly, once organisations know they are under attack, they need to be able to respond quickly to mitigate the damage. They should also think about how they can tighten their security controls so the same kind of breach doesn’t happen again.

The need for speed

Every time a new attack type emerges in the cyber world, organisations need to test if their security controls can stand up to it. Speed is crucial for this. “You’re dealing with an adversary which works at computer speed,” says Tan. Every second spent on figuring out the organisation's vulnerabilities increases the risk of being attacked.

Achieving this visibility can take days, however. Every device in an organisation has a unique risk profile, depending on its model, operating system and software, Tan explains. IT teams have to be able to check each of the devices for vulnerabilities or compliance drift at speed and at scale.

Tanium simplifies this process. Its search engine platform gives a risk assessment of each device within seconds, by connecting with all the devices in a company at the same time. IT officers can ask questions, just as they do on Google, to get crucial information on their devices. Because adversaries act at speed, that information has to come live from the endpoints rather than from databases, where data that is even a few days old is already outdated.

For instance, if security teams know that a Firefox vulnerability has popped up, they can ask the search engine whether Firefox is installed on any of the company’s devices. They can then zoom in to ask which versions are running, and secure the versions that are vulnerable.
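The Firefox triage described above, as an added example that is neither Tanium’s code nor part of the original article: it runs the “which versions are running?” question over a constructed endpoint inventory, flags hosts whose version is below an assumed fixed version (the version number is a constructed placeholder, not a real advisory), and separately flags records too old to act on, since stale data is treated as unknown rather than safe.

```python
from datetime import datetime, timedelta, timezone

# Constructed endpoint inventory, shaped like the answer to a live endpoint
# query (hypothetical records; not Tanium output). "seen" is when each
# endpoint last reported its installed software.
INVENTORY = [
    {"host": "hr-laptop-01",  "app": "Firefox", "version": "114.0.2", "seen": "2023-07-10T09:58:00Z"},
    {"host": "fin-desk-07",   "app": "Firefox", "version": "115.0.1", "seen": "2023-07-10T09:59:30Z"},
    {"host": "it-wkstn-03",   "app": "Firefox", "version": "112.0",   "seen": "2023-07-03T14:00:00Z"},
    {"host": "ops-server-02", "app": "Chrome",  "version": "114.0.5735.199", "seen": "2023-07-10T09:57:00Z"},
]
# Constructed "current time" for the triage run.
NOW = datetime(2023, 7, 10, 10, 0, tzinfo=timezone.utc)

def parse_version(text):
    """'114.0.2' -> (114, 0, 2); a trailing label such as 'esr' is ignored."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)

def version_lt(a, b):
    # Pad the shorter tuple so '112.0' compares correctly with '112.0.1'.
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def triage(inventory, app, fixed_in, now, max_age=timedelta(hours=1)):
    """Return (vulnerable_hosts, stale_hosts) for one application.

    vulnerable: app installed with a version below fixed_in
    stale: record older than max_age, so it must be re-queried live before
           anyone acts on it (an old "patched" answer proves nothing today)
    """
    fixed = parse_version(fixed_in)
    vulnerable, stale = [], []
    for rec in inventory:
        if rec["app"] != app:
            continue
        seen = datetime.fromisoformat(rec["seen"].replace("Z", "+00:00"))
        if now - seen > max_age:
            stale.append(rec["host"])
        if version_lt(parse_version(rec["version"]), fixed):
            vulnerable.append(rec["host"])
    return sorted(vulnerable), sorted(stale)

if __name__ == "__main__":
    vuln, stale = triage(INVENTORY, "Firefox", "115.0.1", NOW)
    print("patch first:", vuln)
    print("re-query before trusting:", stale)
```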

“It works a bit like a doctor and a patient. You ask questions to the devices to understand their symptoms and prescribe the right medicine,” Tan explains.

Organisations need to quickly understand their vulnerabilities in order to plan their cybersecurity strategy well. The instantaneous visibility that Tanium provides is fundamental for laying down a strong cyber defense.