Threat environment enterprises face
Here at Tanium, we talk to a lot of people in Washington – from our clients and potential clients to policymakers looking to understand emerging threats and how to stop them. One of the smartest folks we’ve met is Andy Ozment, the Assistant Secretary of the Office of Cybersecurity and Communications at the Department of Homeland Security. Dr. Ozment has a doctorate in computer science, was the Senior Director for Cybersecurity for the President’s National Security Council, and in his current role, he is charged with protecting the federal government against cyber attacks and helping the private sector protect itself.
Recently, at the Wall Street Journal’s Middle Market conference, Dr. Ozment succinctly put his finger on the threat environment enterprises face and how we need to confront it:
“How long does a bad guy dwell or live on your network before you catch them? Three or four years ago, sophisticated companies had dwell times that were in the hundreds of days, or years. Now a sophisticated company gets their dwell time down to seconds. … They kick the bad guy off before they can cause any real harm. That’s the kind of resilience that we’re looking for. And it’s also this mind shift in the defenders, to accept that somebody’s probably already broken into your network. What do you do about it then? Rather than this, ‘I’m going to keep everybody out. And I’m going to believe that I can be 100% effective.’”
When and how do you rapidly mitigate breaches
We couldn’t agree more. When you’re dealing with networks with hundreds of thousands to millions of endpoints and almost an equal number of people working on them, the question is not if a “bad guy” will breach your network but when, and how you rapidly mitigate it. It’s just common sense: you have to move at least as fast as the hackers to stay ahead of them. If you’re able to spot suspicious activity, quarantine it, and fix the vulnerability in seconds, you’re able to keep your network and the vital data that flows across it secure.
As Dr. Ozment suggests, the best practice for large organizations has to be the ability to keep a bad guy’s “dwell time” to seconds, which means knowing who and what is on your network right now, not where they were yesterday. Indeed, this speed and control should be the standard that boards set for their companies and governments set for their agencies. It’s gratifying to see that leaders in the field agree that the core of what we do–giving systems administrators and security professionals 15-second visibility and control over all the devices on their networks–is the best hope we have of keeping the largest networks in the world secure.
Scott Rubin, Chief Communications Officer & Head of Public Policy