In my recent posts about cyber security, I have used analogies that relate Internet security to fighting fires and open warfare. However, I recently had a conversation with a CIO at Gartner IT Expo that put this topic in a different light for me.
Many of the folks I speak with about the challenges of cyber security want to talk about the complexity of threats and the dangers that cyber criminals represent. The discussions tend to focus on the types of attacks and the damages that they cause. This CIO had a completely different take, which I thought I’d share with you.
Answer the following question before you read further: Why do we have brakes on automobiles?
This is what the CIO asked me. I pondered the question for a few seconds, for surely this was some sort of trick question. Finally, I found no hidden meaning in the query, so I replied, “To stop the car, of course.” And of course he said, “Wrong!”
His answer was: “We have brakes on our cars to help us go faster.”
As a CIO, he isn’t looking for ways to stop innovation; he is looking for tools to safely control his vehicles of innovation. His challenge isn’t just finding ways to stop the bad guys; he needs to know how to set up controls to manage the risk and yet still drive innovation into his organization as quickly as possible.
So his challenge to Level 3 as a managed security services provider (and to me) was: how could we help him understand the risks so that he could set up the right controls without placing a drag on his processes?
For example, for access to sensitive information like credit card data, he knew that he needed two-factor authentication, but for less sensitive access, such as to his customer portal, perhaps single-factor sign-on would be acceptable. Those risks are rather easy to define. What is more challenging is trying to track and react to the new threats that cyber criminals create as they continue to grow their bag of dirty tricks.
And that is exactly an area that Level 3 can help him with. Gathering the insight into the threats that exist and the attack vectors that cyber criminals use is one of Level 3’s unique strengths. Level 3 may have one of the largest collections of security intelligence or SIEM information in the industry. SIEM means Security Incident and Event Management and it’s used to refer to the information that an organization uses to identify cyber threats.
Level 3 constructs our SIEM information from a lot of sources. We collect NetFlow data from over 300 core Internet routers. We monitor DNS traffic and our CDN traffic. We monitor everyday network events as well: things like utilization and intrusion alerts. All of this data is correlated to create information that we use to protect our network. We’ve been doing this since basically the inception of our network, so our collection of SIEM information and our organic cyber security knowledge is pretty extensive.
With the launch of our new security services, we are now using this SIEM data to not only protect our own network but also the networks that we provide to our managed security services customers.
So this means that CIOs can think less about slowing down and more about shifting into a higher gear. So, ladies and gentlemen, start your engines! Let’s change out of those flak jackets and put on our racing suits.