Sometimes it really helps to state the obvious.
General Keith Alexander, director of the NSA, was quoted by FederalNewsRadio.com yesterday as saying “If we can’t see the attack, we can’t stop it.” See the full story here. He was apparently trying to underscore the need for the private sector to share more information on cyber attacks. He argued that with greater reporting of the attacks, the government would be in a better position to help. I’ll buy that.
But I think we’re getting ahead of ourselves. If organizations don’t see the attack, what are they going to share?
I’ve heard CSOs in the private sector use the exact same words to describe their biggest challenge. “If I can’t see the attack, I can’t stop it,” or “I’m blind to an attack once it’s inside my network.” Aren’t those the ones that matter most?
Multiple layers of defensive solutions are necessary, but clearly not sufficient by themselves. Firewalls, anti-virus, IPS and malware protection solutions are all helpful tools to block an attack, but they only stop what they recognize and see what they stop. Seems self-evident, but what about the attacks they don’t recognize – the ones that get through?
Unfortunately, organizations aren’t very good at this yet. Is it lack of tools? A lack of training and experience? It’s all of these things and more. Organizations are limited by outdated thinking. Meanwhile, the cyber security industry has been all too happy to perpetuate the myth that we can stop the barbarians at the gate. The barbarians have already gotten inside. The question is, what are you going to do about it?