Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Network Security

The Elusive Goal of Network Security

While it’s never perfect, it can always get better 

While it’s never perfect, it can always get better 

You may have heard there was a recent breach at a major cell phone provider, exposing the personal information of about 40 million people. And what was the public response to this outrage? They yawned.

That hack was just one of thousands of breaches publicly reported in the first six months of 2021, hacks which exposed a total of 18.8 billion records. Most never made it into the evening news. Apparently even criminals are getting bored. Reuters cited a report from Vice saying that the seller had been offering data on 30 million of the mobile phone victims for 6 Bitcoin, or around $270,000. However, later reports suggested that the asking price had slumped, and the entire data cache was being unloaded for just $200.

Networking Security

With so much data theft going on, even as massive a heist as that one fails to generate much public concern. But becoming inured to the loss of privacy and bored about leaks of personal information is itself a great danger. That’s because shrugging off data breaches ignores the fact that in the United States today, just about everything is connected to the internet — and therefore susceptible to attack. Advanced hacking tools, including many developed by U.S. intelligence agencies for their own espionage purposes, have been stolen and made available to hostile countries. In some cases, they have been sold to criminal enterprises over the dark web. These exploitations not only have the ability to siphon off your personal information, they can also be used to shut down the power grid, computer networks, the air traffic control system, banks, water treatment plants, factories, communications, and just about everything else. 

In a recent well-documented book with the ominous title “This is How They Tell Me the World Ends,” New York Times cybersecurity reporter Nicole Perlroth explored the secretive market for zero-days – unpatched vulnerabilities discovered in frequently used software, capable of providing covert access to a network – as well as software companions created to exploit those flaws. Sometimes those hacks actually string together a series of zero days. And hostile nations are eager to acquire these tools. But while the offensive capabilities they present are huge, at least in the United States, they have not been matched by developments to defend against them – a dangerous imbalance.  

Yet, despite the growing public indifference, corporations and other organizations with operations vulnerable to disruption are taking cybersecurity very seriously. Security budgets have increased.  Cybersecurity specialists are in greater demand than ever. And security-related software is selling very well. Those are all good things. But there’s also a downside: as more security tools are deployed, and multi-vector attacks become more sophisticated, the number of alerts keeps going up. But not all of them rise to the same level of staff attention.  

In that respect, it’s similar to the issue with automatic fire alarm systems in many commercial buildings, which react to a wide range of potentially threatening events, including minor ones. Whenever something triggers them, local firefighters are obliged to suit up and respond. However, the incidence of actual fires associated with those alarms is typically only around two percent.  Particularly for volunteer fire companies, that high rate of false alarms gets old quickly. The problem is, those two percent can be devastating, and so cannot be ignored.  

Advertisement. Scroll to continue reading.

In the world of IT, it’s the same. More than 2,000 cyberattacks a day were reported to the FBI last year. But that doesn’t include the far larger number of unreported attempts which were thwarted by various defense mechanisms. A NSA data center in Utah, for example, is experiencing an incredible 300 million hacking attempts every day. That massive volume of alerts can easily overwhelm staff, hindering security teams from investigating the alerts that really DO matter. 

Because sorting through an avalanche of alerts can be exhausting, SIEM, or Security Information and Event Management software systems, a.k.a. Threat Intelligence Gateways, have become particularly valuable. These are systems which block known bad IP addresses and then learn by simulating assaults on the organization’s production network, essentially training themselves to spot and interpret unusual patterns associated with attacks. As a result, security teams can prioritize their efforts by weeding out the low-stakes threats and focusing instead on the telltale signs of serious compromise. The outcome: faster containment and shorter resolution times.

But while smart software defenders can be great, promoting good digital hygiene across the organization will always remain valuable. Strong passwords, multifactor authentication, zero-trust access, and alertness to phishing attempts are some of the best-known defensive methods. They can all help. But as the Solar Winds debacle demonstrates, even when you do everything right, malicious code can slip into your network, sometimes lurking undetected for months before being activated and doing harm.

With that in mind, here’s how I think companies should view cybersecurity:

1. Nothing is completely secure

2. No organization is too small to hack

3. There is a strong likelihood that some of your information has already been stolen

4. There is nothing you can do to prevent a persistent state-sponsored hack 

5. There are, however, meaningful steps you can take to deter or block criminal hackers

6. Plan ahead for how you can respond if you do suffer a cyberattack

Cybercriminals and malicious hackers have been very creative in finding ways to manipulate people and technology to steal data, infect systems, and seize control of assets. As a result, the defenses against cyberattacks keep changing. Security is not a once-and-done proposition – it is a constant process, and notwithstanding what different vendors might tell you, it’s not easy, and it’s never finished. But no matter how far you stray from having a perfect system — or how close you come to attaining one — the pursuit is always an essential and worthwhile investment of your time.

Written By

Marie Hattar is chief marketing officer (CMO) at Keysight Technologies. She has more than 20 years of marketing leadership experience spanning the security, routing, switching, telecom and mobility markets. Before becoming Keysight’s CMO, Marie was CMO at Ixia and at Check Point Software Technologies. Prior to that, she was Vice President at Cisco where she led the company’s enterprise networking and security portfolio and helped drive the company’s leadership in networking. Marie also worked at Nortel Networks, Alteon WebSystems, and Shasta Networks in senior marketing and CTO positions. Marie received a master’s degree in Business Administration in Marketing from York University and a Bachelor’s degree in Electrical Engineering from the University of Toronto.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...