
Cyber threats: why it’s all about the response


Are you responsible for your company’s information security? Then you probably share my worst nightmare, which is being hit by a major event and then botching the response. This isn’t an irrational fear either, as many companies have suffered dire consequences not because they suffered a cyber-attack, but because they didn’t handle it appropriately.

The textbook example of what not to do is British Airways – you don’t want to be like them. So, let’s take a look at what ‘getting it right’ really means and why, at Kordia, AlienVault’s Unified Security Management (USM) is a key factor in taking care of our security business.

It starts with preparation. There’s the obvious stuff, like understanding your information assets and systems, knowing what to protect, and prioritising them so you can keep out the majority of threats.

Note that preparation isn’t prevention. ‘Perfect’ security is a pipedream; it would cost too much on the one hand and render information systems inoperable on the other. Not to mention that what we think is perfection today would be out of date tomorrow. Things are changing fast.

In other words, despite our best efforts and best practice execution of today’s necessary multiple layers of defence, it remains a case of when, and not if, a breach will happen.

And by the time it comes down to brass tacks (even a top information security vendor fell victim to hackers), prevention has fallen by the wayside. Now it’s all about response.

It is at this point that your company’s fortunes are squarely in your hands. How it plays out now depends entirely on the quality of your incident response processes.

Speed is a key factor.

Yes, it’s obvious, especially to us security professionals, that the quicker you respond the better. Yet, IBM’s Ponemon Institute says the average breach response takes 69 days. If you think that’s bad, this is worse: detecting it in the first instance takes an average of 128 days! That potentially gives a hacker nearly half a year to explore, exploit and disrupt.

These figures persist despite the fact that many organisations have invested in Security Information and Event Management (SIEM) tools.

So, what’s going wrong?

Quite simply, it’s this: what good is information if there’s nobody available to understand and act on it?

Technology and people combined.

This is where USM shines. It’s easy to think of it as a combination of Security Information and Event Management (SIEM) and a Security Operations Centre, but it’s more than that. What USM does is combine the technology you’d expect for the protection of sophisticated information assets with the brainpower of qualified, skilled and experienced personnel.

Here’s what you get with Kordia’s AlienVault-powered USM:

Dedicated security resource – Our Auckland SOC is monitored 24/7. There’s always someone keeping an eye on things.

Instant detection – When the system detects any anomaly, our team jumps into action, analysing, investigating and alerting you. We’ll provide practical advice on what to do.

Proactive support – We look for potential vulnerabilities through asset discovery scans, regular vulnerability assessments and by deploying behaviour analysis rules.

Five essential security capabilities in a single console – USM gives you everything you need to manage compliance and threats in a single dashboard with pre-set reporting. One key capability I value is vulnerability scanning, which allows us to identify the severity, location and nature of threats so we can give priority to the patching, configuration and other mitigation work required to reduce the risk.

Incident response planning – We develop an incident response plan with you, covering preparation, eradication, identification, recovery, containment and a feedback loop of lessons learned.

USM works. For us, too.

It goes without saying that Kordia itself uses USM (and that we, like any other business, are targeted by hackers).

We’ve seen USM in action, too. Soon after deployment, a senior accounting executive fell for a phishing email and, with one clicked link, installed malware. AlienVault technology detected it, resulting in immediate action to isolate the machine, kick off the incident response process and quickly deal with the problem before it had any chance of affecting our business.

The bottom line is that as Kordia’s CISO, I sleep better at night, confident that the combination of great technology, expert people and robust processes means that the next time we have a security incident, we’ll know about it rapidly. And we have experts who can resolve it around the clock.

Kordia, like all organisations, has limited resources; but, by having a good view of our vulnerability risk, I can rest assured that the resources we do have are being applied to the maximum benefit.

Still not sure if USM is for you? Why not come and take a look behind the scenes at our Security Operations Centre (SOC) in Auckland? Talk to your Kordia account manager today to set up a convenient time for a visit.