I’ve been asked to speak on a panel at SecureWorld in Boston this month. The topic is Emerging Threats and at first I was interested in taking the “people” route. You know, the idea that users are bringing in more threats than actual hackers doing an active attack. There is some evidence to support that email is still be biggest vector into the data center.
The truth is: that is really cheap way to look at this problem. While it may be true, if we take that approach, it really means WE (“we” being IT) are the emerging threat since our prime directive is to support the user. Like TRON, baby!
But what if we were to look at emerging threats like a Fleet Admiral would look a battle?
We need to know what the other guy is doing. Throughout history military, commands placed the highest value on real-time intelligence. In the Revolutionary War, spies played a huge part. Then in the Civil War, it was hot air balloons. In WW1, it was biplanes; WW2 was airplanes. Now it’s satellites 22,236 miles above Earth.
See the thread connecting all of these? It’s height. Height gives us a greater picture of the battlefield.
Our biggest emerging threat is piss-poor visibility. Oh sure, we have had topology maps since the early days of WhatsUp Gold. But data centers have long evolved past the “star topology” into more of rhizome philosophy where we are dealing with multiple, non-hierarchical ingress/egress points in data interpretation.
Today’s visualization tools just cannot scale or abstract the way data is being delivered. This means admins use a multiple-window-pane model, which forces them to mentally correlate information. Now they are going through extra steps—switching back and forth between tools—to achieve situational awareness. Heck, many admins are using data tools like Splunk or Pentaho to data science their way out of this. Really, man? Has it really come to that?
Our biggest emerging threat is piss-poor visibility.
Is it any wonder that hackers slip by undetected? In a world where “false positives” is used as a verb, hackers are operating in the digital equivalent of the “Great Marianas Turkey Shoot.”
This is our leading emerging threat. We have the tools and the methods to stop these attacks. We just have to see them.
This is problem that many brilliant minds are currently working on. Check out VizSec and tools like Visual-I and MAYA. If you decide to look at a commercial product, make sure the vendor does a demo of an actual attack so you can see how to respond. Response time is critical to limiting damage.
Are the stakes high in your data center? Visibility is the great equalizer.