Connect with us

Hi, what are you looking for?


Data Protection

If the CIA Isn’t Secure, Who Is?

The More Pervasive Transparency is Into the Network, the Better the Chances of Early Detection

Whether you’ve been hacked already or not, your chances of cruising through “connected” life unscathed are about as thin as a Seattle mixologist’s mustache these days. And that’s pretty scary—in more than one way.  

The More Pervasive Transparency is Into the Network, the Better the Chances of Early Detection

Whether you’ve been hacked already or not, your chances of cruising through “connected” life unscathed are about as thin as a Seattle mixologist’s mustache these days. And that’s pretty scary—in more than one way.  

Think about it. The CIA conducts extensive background investigations. It requires polygraph examinations to gain a security clearance and determine eligibility for access to classified information. I mean, I saw Meet the Parents. The applicant-screening process looks foolproof.

And yet, by all indications, a malicious insider still made off with a boatload of secret CIA hacking tools. 

The Devil Inside

It’s worrisome that our intelligence agencies can’t protect themselves from insider threats and scandal. But as reported by Reuters, “Government agencies estimate that there is one insider threat for every 6,000 to 8,000 employees.” Even if some quick math makes the percentage of possible threats seem low, think about the fact that federal, state, and local government employs about 22 million people. One bad breach alone can have far-reaching repercussions.

Plus, I think the The Doors had it right: People are strange. And to one degree or another, most anybody is corruptible. While the impure might be willing to sell out their country—or even their mother—for money and fame, the pure might be just as willing to do the same for a misguided ideology or religion. Then again, regardless of motivation, when it comes to cybersecurity, the goal for any organization remains the same: stop the bad guys. 

Advertisement. Scroll to continue reading.

If total prevention’s no longer an option, what is? Perhaps it’s time to shift focus and, instead, become expert at threat detection, prediction, and response. Together, these can form the foundation of a modern security architecture; one that’s all about providing pervasive and continuous monitoring along with advanced behavioral analytics to uncover any bad eggs that slip through—or, even, any good ones turned rotten. 

Keeping Abreast of Network Activity

Again, as evidenced by the CIA hack, sometimes, no matter how prepared you try to be, no matter how many policies and procedures you’ve put in place, no matter how healthy you try to stay, bad stuff can still happen. I was thinking about this while at a recent medical appointment.

Two biopsy needles were sticking out of my left breast when the radiologist asked me what I do for a living. I think it was a distraction tactic and I may have muttered something about cybersecurity . . . right before I passed out (me no likey needles). When I came to, it occurred to me that diagnostic mammography functions much like a network traffic visibility solution. Both are designed to help detect abnormalities (the potential devils inside) that might require further analysis.

Even though mammography can’t cure cancer and traffic visibility can’t cure data breaches, they can do an amazing job at providing better situational awareness. And that’s the first step toward uncovering a potential problem and enabling other, purpose-built security and analytics tools to investigate further—much like a pathologist would—and determine if an anomaly is benign or malignant. And with a diagnosis made, companies can use that intelligence to inform a follow-up course of action. 

Tools need context to differentiate between good and bad. In other words, they need 100 percent visibility into traffic traversing the network. Without it, a malware protection tool can’t determine if an executable is good or bad; a data loss protection tool can’t decide if a document should be allowed to leave a network. And really, what’s the use of having a tool if you can’t provide it the traffic it needs to do its job? 

The better and more pervasive transparency is into the network, the better the chances of early detection. If you can catch a bad guy before he’s had a chance to manipulate or exfiltrate data (Stage 0), your business will be in much better shape than if he’s already invaded every system, absconded with the crown jewels, and left you with nothing but a red skull flashing on your screen (stage 4).

You always think it’s not going to be you. That you won’t get hacked. That bad stuff happens to other companies, other people. Sooner or later though, your turn may come. First, will you be able to recognize it when it does? And, perhaps more important, be able to react appropriately?

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...