Automate your very own Internet Rain Man

[Image: Lucas Zaichkowsky, AccessData]

26-Oct-2014 - If you’re dealing with a human hacker there’s nothing you can buy to protect yourself.

“Most vendors are competing on threat intelligence. We don’t do that,” said Lucas Zaichkowsky, Enterprise Defense Architect at AccessData, who spoke with us prior to his presentation on the rise of threat detection and response at SecTor.

“Using one platform for cyber security that supports everything, we help enterprises build their infosec systems to incorporate incident response. We’re the Internet response side of Cyber Security.”

The typical problem in determining a breach is that an analyst has to jump from specialty product to specialty product. The analyst needs to be what Zaichkowsky calls an “Internet Rain Man”, doing copy-paste, copy-paste, between 15 different expert niche tools, as he’s the one who knows what to look for in threat intelligence. He likens it to a toddler throwing toys on the table.

ResolutionOne has a single-pane view, on one platform.

“If you can automate alert validation you’re freeing up your analyst’s time and giving them contextual information about what they’re seeing,” Zaichkowsky said. “You can be looking at endpoint data and network reconstruction all in one screen, for one example. Our whole strategy is to consolidate and integrate capabilities and apply infrastructure as much as possible.”

Security analysts have logs, endpoint data, live response packages, and more. AccessData has one platform with consolidated capabilities that can correlate the data and reconstruct what happened.

It takes in web feeds or XML, and rules parse out that intelligence and normalize it. If it runs into binaries, it automatically does static and simulated dynamic analysis with threat scoring. It vacuums all that up, applies it at the endpoint for anything that matches, and watches network traffic.
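The ingest-normalize-match loop described above, as an added illustration that is not AccessData's or ResolutionOne's code: two constructed indicator feeds (an XML feed whose element and attribute names are invented here, and a plain-text feed) are parsed into one normalized indicator table, then matched against constructed endpoint and network events so each alert carries the host and process or port context an analyst would want to see. The hash, addresses and domains are placeholder values built for the example.

```python
"""Added example: normalize indicators from two feed formats and match them
against endpoint/network events, attaching context to each alert.
Hypothetical code; feed schema and event shape are invented for this page."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed 64-hex-char value; not a real malware hash.
SAMPLE_HASH = "ab" * 32

# Constructed XML feed. Note mixed case, padding and a trailing dot that
# the normalizer must strip before values can be compared reliably.
XML_FEED = f"""<indicators>
  <indicator type="SHA256" severity="high">{SAMPLE_HASH.upper()}</indicator>
  <indicator type="ipv4" severity="medium"> 203.0.113.7 </indicator>
  <indicator type="domain" severity="low">Evil.Example.NET.</indicator>
</indicators>"""

# Constructed plain-text feed: "type,value,severity" per line.
TEXT_FEED = """ipv4,198.51.100.23,high
domain,bad.example.org,medium
# comment lines and blank lines are skipped
"""

@dataclass(frozen=True)
class Indicator:
    kind: str       # sha256 | ipv4 | domain
    value: str      # canonical form
    severity: str   # low | medium | high

def normalize(kind, value, severity):
    """Canonicalize one indicator so feeds in different styles compare equal."""
    kind = kind.strip().lower()
    value = value.strip()
    if kind == "sha256":
        value = value.lower()
    elif kind == "domain":
        value = value.lower().rstrip(".")
    return Indicator(kind, value, severity.strip().lower())

def parse_xml_feed(text):
    root = ET.fromstring(text)
    return [normalize(el.get("type", ""), el.text or "", el.get("severity", "low"))
            for el in root.iter("indicator")]

def parse_text_feed(text):
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, value, severity = line.split(",", 2)
        out.append(normalize(kind, value, severity))
    return out

def build_index(indicators):
    """Lookup table keyed on (kind, canonical value)."""
    return {(i.kind, i.value): i for i in indicators}

# Constructed events: endpoint process launches and network connections.
EVENTS = [
    {"source": "endpoint", "host": "ws-17", "sha256": SAMPLE_HASH, "process": "svchost.exe"},
    {"source": "network", "host": "ws-17", "dst_ip": "203.0.113.7", "dst_port": 443},
    {"source": "network", "host": "ws-42", "domain": "evil.example.net.", "dst_port": 80},
    {"source": "endpoint", "host": "ws-42", "sha256": "ff" * 32, "process": "notepad.exe"},
    {"source": "network", "host": "ws-09", "dst_ip": "198.51.100.23", "dst_port": 8443},
]

# Event field -> indicator kind it is compared against.
EVENT_FIELDS = {"sha256": "sha256", "dst_ip": "ipv4", "domain": "domain"}

def match_events(index, events):
    """One alert per event field that hits an indicator, with the event's
    own context (host, process, port) attached for the analyst."""
    alerts = []
    for ev in events:
        for field, kind in EVENT_FIELDS.items():
            if field not in ev:
                continue
            key = (kind, normalize(kind, ev[field], "low").value)
            hit = index.get(key)
            if hit:
                alerts.append({"host": ev["host"], "source": ev["source"],
                               "kind": hit.kind, "indicator": hit.value,
                               "severity": hit.severity, "context": ev})
    return alerts

def run_pipeline():
    index = build_index(parse_xml_feed(XML_FEED) + parse_text_feed(TEXT_FEED))
    return match_events(index, EVENTS)

if __name__ == "__main__":
    for a in run_pipeline():
        print(a["severity"], a["host"], a["kind"], a["indicator"], a["context"])
```

Four of the five constructed events produce alerts; the `notepad.exe` launch with an unknown hash does not. The normalization step is what makes the upper-case hash, padded address and trailing-dot domain from the XML feed match the event data, which is the point of parsing feeds into one canonical table before applying them at the endpoint and on the wire.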

“By shoulder surfing analysts we’re adding on complementary capabilities,” said Zaichkowsky. “For example we’re integrating sandboxes to pull back results and integrate them automatically. As alerts come in the level 1 analyst can see open connections and other actions and take immediate action. We’re adding value by taking lessons learned and piping them back into your security organization, instead of security being some weird offshoot of IT.”

A binary malware analysis engine is built in; however, many people prefer to use what they already have, so it’s designed to integrate with what you own now.

“If you’re dealing with a human hacker there’s nothing you can buy to protect yourself,” Zaichkowsky said. “You have a firewall and AV, and a hacker getting around your preventative defenses one layer at a time. You need to rapidly detect, reconstruct what happened, and fully remediate. If all you do is close some back doors you’re too late to stop the hacker from meeting the goal of stealing data.”

Add to that those suffering “endpoint fatigue”: executives have no visibility into those devices. Sure, the policies are pushed out, but they don’t know what’s going on.

Enterprise mobility management tools are preventative controls that don’t figure out what happened; there’s no detection or response.

“When you look at devices, they’re just like little computers. And they’re definitely vulnerable,” Zaichkowsky said. “We see the mobile endpoint as any other endpoint. It’s just another desktop running architecture other than x86.

“We push out an agent for iOS and Android. If you have a mobile access breakout, how are you going to know if they stole passwords? Your ResolutionOne server stores mobile endpoint activity history, processes data and creates historical data graphs. As a threat is detected, an alert is triggered, and direct action taken. It provides lots of comprehensive info. You don’t need kernel access to get stateful information from iOS.”

Publicity of an increasing number of breaches has forced security into the view of mainstream users and executives, who are finally getting the message that the slower the response, the greater the exposure.

“People are actually listening to us, which is really awkward,” said Zaichkowsky. “We used to jump up and down trying to get their attention, and now they can’t listen to us fast enough. Karma.”