Security Experts:

True Detective: See What Matters

Help Security Tools and Teams See What Matters

I recently watched The Day of the Jackal, a 1973 thriller about a plot to assassinate French President Charles de Gaulle. What started as a lark to see what Paris looked like in the early 70s turned into a fascinating glimpse into the technology of that era. As the investigators hurried to thwart the attack, they used what they had at their disposal: stacks of birth certificates, death certificates, passport applications, hotel registrations, etc., to first identify and then find the assassin. The amount of data was as overwhelming as their process was slow. 

Today, we operate at warp speed and with an even more overwhelming glut of data. Not only is it difficult to cull through, but nearly impossible to do so quickly and intelligently enough to prevent cyber threats. And yet, we still must find ways to be as smart as Inspector Claude Lebel (the best detective in France!) in detecting and mitigating them. 

Lebel did his homework, trusted his intuition, homed in on the threat, and (spoiler alert), in the end, thwarted the bad guy. Even if it wasn’t before the bad guy could do any harm, it was before he was able to carry out his ultimate assassination objective. 

To Catch a Jackal

Just as the ruthless Jackal knew how to obtain a false passport, where to buy a custom-made rifle, and how to hide in plain sight, today’s hackers know how to obtain false credentials, where to buy sophisticated malware, and how to seduce via social engineering tactics. They, too, are ruthless. Only, unlike the solitary fictional assassin, today’s cyber Jackals are legion.

So what to do first? Act under the presumption that breaches will happen. That doesn’t mean ridding yourself of preventative tools (the familiar safeguards of firewalls, antivirus, good cyber hygiene), but it does require a mindset shift and use of innovative, new technologies that can speed the hunt for nefarious actors and advanced attacks. For example, real-time network visibility for situational awareness, machine learning to build context and uncover patterns, artificial intelligence to triangulate intent.

Security tools alone can’t be expected to sift through and inspect every data packet that traverses a network. In fact, when I think about the incredible volume of data flowing across enterprise networks, it’s no wonder security tools can become overwhelmed—whether by too many false positives or the computational burden of needless processing of low-risk data types like streaming media. I can almost hear them asking: “Like, alright already. Can you get to the point? Tell me something I care about? Give me something I can use? Show me what I need to see?”

It’s a cry for relevant data. And when speed is of the essence to combat advanced persistent threats, it’d be hard to argue that these tools couldn’t benefit from getting precisely the traffic they require at the right time to uncover anomalous or malicious network activity. 

I Scream, You Scream, Security Tools Scream

. . . for less noise. Whether tools were designed for prevention, detection, prediction, you name it, they all need relevant data to perform effectively and efficiently. Otherwise, they’re just wasting cycles on garbage, essentially. 

Finding patterns and uncovering clues within network noise requires both broad and granular visibility into traffic (plain-text and encrypted) and is essential for defense against advanced threats. So why not give your security tools the data they need—and only the data they need—so they can perform with greater accuracy and speed. Why not provide them the means to analyze suspicious packets contextually and in parallel by application, user, and content type? And why not help yourself reduce risk, neutralize malicious activity, and, even, begin to turn the tables on cybercrime. 

Like Lebel did, it’s about optimizing the tools and resources on hand and collaborating with partners (remember his strong partnership with Britain). Pinpoint and share with all of them the most relevant data possible and catch the relentless new Jackals of the cyber world.

view counter
Erin O’Malley is an incident response delivery support manager at Accenture Security, FusionX, Cyber Investigation and Forensics Response (CIFR), where she teams with incident responders and threat hunters to document and catalog incident report findings and highlight the value of taking an adversary-based approach to minimize the risk, exposure, and damage of cybersecurity incidents. Prior to joining Accenture, Erin was a security solutions marketing manager at Gigamon. Other past roles have included product marketing for virtualization and cloud security solutions at Juniper Networks and customer marketing at VMware. She has written and edited for GE Digital, WSGR, Business Objects, and the TDA Group, and holds a B.A. in French from Penn State University and an M.A. in French from Middlebury College. The opinions and statements in this column are solely those of the individual author, and do not constitute professional or legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. No representations or warranties are provided, and the reader is responsible for determining whether or not to follow any of the suggestions or recommendations, entirely at their own discretion.