Cyber Security: What’s real. What’s important. What’s dangerous
I attended the Gartner Security and Risk Summit in London last week, where the keynote was titled “Scaling Trust and Resilience — Cut the Noise and Enable Action”. The key message was that security professionals are drowning in data, making it difficult to see what is really happening and to judge “What’s real, what’s important, what’s dangerous”.
This is true for enterprises of any size, but critically so for large communications service providers. Some own physical networks (mobile network operators, for example) and some own application infrastructure (social media messaging apps, for example), but all have one thing in common: millions of data points, events and users.
The keynote discussed criticality, risk assessment, access controls and designing for resilience as the means of answering each of the “what’s”:
- To know what’s real, we need to use automation to quickly classify and categorise threats.
- To know what’s important, we need to know what we are protecting: take inventory, assess risk and monitor.
- To know what’s dangerous, we need integrated risk management, design for resilience and shared knowledge.
In a large communications service provider environment, the Telesoft TDAC draws on multiple data sources, including unsampled high-rate flow monitoring, to discover physical and logical infrastructure (taking inventory, to know what’s important); enriches that data with reputation feeds, application-layer data and scanning for known signatures (to know what’s dangerous); and combines the result with anomaly detection and alerting (to know what’s real).
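To make the three “what’s” concrete, here is an added illustration of that pipeline in miniature. It is not Telesoft code and says nothing about how the TDAC is implemented; the flow records, reputation entries, signature rule and baseline volumes are all constructed for the example, and the internal address range, the 3-sigma threshold and the function names are assumptions. It builds an inventory of internal services from flow records (what’s important), tags flows against a reputation list and a signature rule (what’s dangerous), and flags a service whose byte volume is far above its historical baseline (what’s real).

```python
"""Added illustration: inventory -> enrichment/signatures -> anomaly detection over flow records."""
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

# Assumption: the provider's own estate lives in 10.0.0.0/8.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records for one monitoring window (not real traffic).
FLOWS = [
    {"src": "10.0.0.5",      "dst": "10.0.1.10",   "proto": "tcp", "dport": 443,  "bytes": 12_000},
    {"src": "10.0.0.6",      "dst": "10.0.1.10",   "proto": "tcp", "dport": 443,  "bytes": 9_500},
    {"src": "10.0.0.7",      "dst": "10.0.1.11",   "proto": "udp", "dport": 53,   "bytes": 400},
    {"src": "198.51.100.77", "dst": "10.0.1.12",   "proto": "tcp", "dport": 22,   "bytes": 800},
    {"src": "203.0.113.9",   "dst": "10.0.1.10",   "proto": "tcp", "dport": 443,  "bytes": 950_000},
    {"src": "10.0.1.10",     "dst": "203.0.113.9", "proto": "tcp", "dport": 4444, "bytes": 2_000},
]

# Constructed reputation feed (documentation-range addresses only) and one constructed signature rule.
REPUTATION = {"198.51.100.77": "scanner", "203.0.113.9": "c2"}
SIGNATURES = [
    {"name": "outbound tcp/4444", "proto": "tcp", "dport": 4444, "direction": "outbound"},
]

# Constructed per-service byte totals from the five previous windows (the baseline).
BASELINE = {
    ("10.0.1.10", "tcp", 443): [20_000, 22_000, 21_500, 19_800, 23_000],
    ("10.0.1.11", "udp", 53):  [300, 450, 380, 420, 410],
    ("10.0.1.12", "tcp", 22):  [700, 900, 850, 780, 820],
}


def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL)


def direction(flow):
    src_in, dst_in = is_internal(flow["src"]), is_internal(flow["dst"])
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "internal"


def build_inventory(flows):
    """What's important: every internal host and the services it was seen serving."""
    inventory = defaultdict(set)
    for f in flows:
        if is_internal(f["dst"]):
            inventory[f["dst"]].add((f["proto"], f["dport"]))
    return dict(inventory)


def enrich(flows, reputation):
    """What's dangerous (1): attach reputation tags for either peer to each flow."""
    return [{**f, "reputation": [reputation[ip] for ip in (f["src"], f["dst"]) if ip in reputation]}
            for f in flows]


def match_signatures(flows, signatures):
    """What's dangerous (2): return (rule name, src, dst) for every flow matching a rule."""
    hits = []
    for f in flows:
        for s in signatures:
            if (f["proto"], f["dport"], direction(f)) == (s["proto"], s["dport"], s["direction"]):
                hits.append((s["name"], f["src"], f["dst"]))
    return hits


def detect_anomalies(flows, baseline, k=3.0):
    """What's real: services whose byte total is more than k standard deviations above baseline."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["dst"], f["proto"], f["dport"])] += f["bytes"]
    anomalies = []
    for key, total in totals.items():
        history = baseline.get(key)
        if not history:
            continue  # never seen before: an inventory change, not a volume anomaly
        mu, sd = mean(history), pstdev(history)
        if sd and (total - mu) / sd > k:
            anomalies.append((key, total, round((total - mu) / sd, 1)))
    return anomalies


if __name__ == "__main__":
    print("inventory:", build_inventory(FLOWS))
    print("reputation hits:", [f for f in enrich(FLOWS, REPUTATION) if f["reputation"]])
    print("signature hits:", match_signatures(FLOWS, SIGNATURES))
    print("volume anomalies:", detect_anomalies(FLOWS, BASELINE))
```

Two design points carry over to any real deployment: a service absent from the baseline is reported as an inventory change rather than a volume anomaly, so the alert goes to the people who own the asset list, and the reputation and signature stages annotate rather than filter, so a flow that matches nothing still reaches the anomaly stage.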