Is Your Cybersecurity 3 Strong? (3/3)

Is it Insight Driven?

“Where ignorance is bliss, ‘tis folly to be wise”

Probably right in other fields of life, but not in cybersecurity. Healthcare providers around the world are waking up to a new reality: ‘what you don’t know can hurt you badly’.

This is particularly true when it comes to the recent spike in attacks by the malware called VPNFilter. According to the Cisco security team, this malware has affected over half a million devices in 54 countries and counting. Though more information is awaited on the scale of the impact, the initial picture makes it evident that threat actors are targeting a certain type of internet router used in homes, small offices and possibly businesses such as private practices, smaller group practice clinics and other satellite healthcare extensions.

The unscrupulous activity of this offender can often go unnoticed, as the malware can camouflage itself as legitimate traffic from the compromised business.

How can businesses, large or small, protect themselves from such a sophisticated and extremely versatile form of attack?

Businesses that rely on network security assessment tools that are insight driven have a strong advantage.

To detect persistent threats such as VPNFilter, which performs multi-stage command and control operations, it is important to have a needle-eye view at the device level: to understand the communication pattern each device exhibits and to flag outliers. For example, an internet router at a clinical pathology lab making multiple attempts to reach out (the stage 1 C&C operation of VPNFilter) may go unobserved if the lab has no knowledge of what is flowing in its network.

Summing up, businesses need to aggressively pursue a strong operational plan based on robust, insight-driven behavioral models. An insight-driven security framework has the following benefits:

  1. Allows businesses to understand their current network behavior – what is flowing in their network.

  2. Creates healthy behavioral baselines to quickly detect and remediate outliers.

  3. Intrusion prevention that is more effective than the traditional cookie-cutter models.

  4. Considerably reduces the detection deficit, the time elapsed between intrusion and remediation.