
Is it reasonable – or even affordable – to have a partner remediate attacks for you?

Written by ronbeltz | Jul 25, 2019 10:07:03 PM

Vendors today all take pride in notifying customers of breaches, helping track the spread of the breach, and offering advice on how to remediate it. That sounds nice, but it is not so nice. Especially for someone who doesn’t know security well, the instructions can be confusing. Adrenaline + Stress = Instructions that look like they are written in a language from another world.

It is like going “live” vs. a simulation. When the police academy trains its cadets, the cadets are taught that no matter how well they do on the shooting range, under live-fire conditions they can expect their abilities to degrade by at least 30%. The same holds true during a “live” cyber-attack. Instructions that seem simple as you read them from your cozy office chair with a cup of coffee in hand will rapidly appear more complex than they are during a live cyber-attack, when your infrastructure is being brought down.

A better way is for the vendor to detect the attack, remediate the attack, and then call you in your cozy office chair to tell you there was an attack, that it was taken care of, and that there is nothing more for you to do.

So, is this even affordable?! That depends on the response. If you need boots on the ground, that gets incredibly expensive. Often the engineers are not in the same state, or they have to travel to your other locations. The hourly cost for an engineer onsite plus travel costs is exorbitant. Don’t expect a discount. They know you have no other choice.

But what if remediation of a cybersecurity threat can happen remotely? It can. Let me explain.

Security and IT infrastructure has been built up over many years from disparate technologies, vendors and in-house applications. This means that cybersecurity vendors coordinate information between tools by getting permission from other vendors to build API integrations into those tools. This takes time, and the integration can break when the vendor ships an upgrade. Think about trying to get permission and then build an API integration every time a new product comes out. You won’t. You will stick with the tools you have and do the best you can. This is the strategy of many cybersecurity vendors, and it hinders them, stagnating their offering and keeping it from incorporating the latest developments and using the latest tools.

On the other hand, if you have a fabric that connects all of your endpoints and acts underneath the OS layer, things are different. Take the DXL Framework by Intel. The Data Exchange Layer (DXL) communication fabric connects and optimizes security actions across multiple vendor products, as well as internally developed and open source solutions. If a vendor installs a small DXL client at the OS layer, tapping into the DXL fabric that interconnects all applications, the fabric becomes a secure, real-time way to orchestrate data and actions across multiple applications from different vendors, as well as internally developed applications. There is a firewall-friendly version, so that branch networks and applications can also be monitored and remediated.

In short, a vendor in this scenario could act in real time to remediate breaches, worldwide if necessary, and keep your production environment up and running.

This keeps you up, gives a faster response time, and is far less expensive than boots on the ground.

To discuss this further, use the link below to schedule a time to talk.

https://meetings.hubspot.com/dgillies1/cybersecurity-discussion-with-david-gillies