Published on September 14th, 2016 | by Tony Thompson
Advising the Commission on Enhancing National Cybersecurity: Isn’t it all about the Network?
The Commission on Enhancing National Cybersecurity (Executive Order 13718) has requested information about current and future states of cybersecurity in the digital economy. The Commission solicited input through a public Request for Information, and SS8 has recently provided our comments.
This is a notable effort, and we thank the Commission for taking our comments. In some ways, though, this effort signals what many already know: cyber attacks are getting past the billions of dollars spent on cybersecurity each year, and the attacks themselves have become more sophisticated and elusive.
Read SS8’s full comments to the Commission here.
But could this be a tipping point that helps stem the tide of persistent cyber attacks against public and private sector networks? Maybe. It’s certainly a step in the right direction. When the Secretary of Commerce is tasked by the Executive Order to “direct the Director of the National Institute of Standards and Technology (NIST) to provide the Commission with such expertise, services, funds, facilities, staff, equipment, and other support services as may be necessary to carry out its mission,” it certainly signals the gravity of the problem.
Our perspective and comments are pointed and clear. We must begin to pay more attention to the network.
The network is the common denominator and holds the key to better understanding malicious activity. During a recent phone conversation with an analyst from the world’s top IT research firm, the analyst stated, “99.9% of bad things are seen at the network.” He added that the network is the “source of truth.”
We couldn’t agree more. SS8 is obviously somewhat biased here because of our longstanding expertise in network protocol extraction, but the logic is there. This doesn’t mean abandoning endpoint security, or perimeter defenses, or even stopping investment in threat research. But we can’t ignore the fact that today’s advanced attacks are coming in over the network, and the data exfiltration going out is happening over… wait for it… the network. It’s slipping past our firewalls, anti-malware, and a plethora of other security measures.
The super short summary of our comments is that we need to adopt a model of retrospective network visibility, where the latest threat intelligence is continuously applied to network history and user behavior. This will enable cybersecurity organizations to quickly uncover anomalous patterns on the network and find the advanced threats that are slipping past preventative security measures.
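The retrospective model summarized above, as an added sketch that is not SS8's code and is not taken from its comments: stored flow history is re-checked whenever new threat intelligence arrives, so connections made before an indicator was published are still found. The flow records, addresses, hostnames and the indicator are all constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

def utc(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)

@dataclass(frozen=True)
class Flow:            # one retained network-history record (hypothetical schema)
    ts: datetime
    src: str           # internal host
    dst: str           # remote name or address
    bytes_out: int

@dataclass(frozen=True)
class Indicator:       # one threat-intelligence entry (hypothetical schema)
    value: str
    published: datetime

# Constructed history: 10.0.0.7 talks to the destination weeks before it is flagged.
HISTORY = [
    Flow(utc("2016-08-01T09:00:00"), "10.0.0.5", "updates.example.test", 1_200),
    Flow(utc("2016-08-03T02:14:00"), "10.0.0.7", "cdn.badhost.example", 48_000_000),
    Flow(utc("2016-08-10T02:20:00"), "10.0.0.7", "cdn.badhost.example", 52_000_000),
    Flow(utc("2016-09-02T11:00:00"), "10.0.0.9", "cdn.badhost.example", 300),
]
# Constructed intelligence: the indicator only becomes known on 1 September.
INTEL = [Indicator("cdn.badhost.example", utc("2016-09-01T00:00:00"))]

def retrospective_hits(history, intel):
    """Match every stored flow against current intel; lag = published - flow time."""
    by_value = {i.value: i for i in intel}
    hits = [(f, by_value[f.dst], by_value[f.dst].published - f.ts)
            for f in history if f.dst in by_value]
    return sorted(hits, key=lambda h: h[0].ts)

def missed_at_the_time(hits):
    """Flows that predate the indicator: no real-time control could have matched them."""
    return [h for h in hits if h[2].total_seconds() > 0]

def hosts_to_investigate(hits):
    """Per internal host: earliest matching flow and total bytes sent out."""
    summary = defaultdict(lambda: {"first_seen": None, "bytes_out": 0})
    for flow, _, _ in hits:
        entry = summary[flow.src]
        entry["first_seen"] = min(filter(None, (entry["first_seen"], flow.ts)))
        entry["bytes_out"] += flow.bytes_out
    return dict(summary)

if __name__ == "__main__":
    for host, info in hosts_to_investigate(retrospective_hits(HISTORY, INTEL)).items():
        print(host, info["first_seen"].isoformat(), info["bytes_out"])
```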
While we like to say “who cares if they get in, just don’t let them back out,” the reality is that there will always be a balance of preventative security measures, detection and response. Everyone wants prevention and blocking, but the conversation has shifted because that preventative model alone just isn’t doing the job.
Please check out our comments to the Commission on Enhancing National Cybersecurity and tell us what you think.