Tape Decks to iPhones: The Advantages of Contextual Data for Computer Network Defense


What is the most pressing need today for our customers?

By Greg Boison

Years ago, when I listened to music on a cassette tape, I would hear the sound and nothing more. Someone might have labeled the tape, but no other information came out when I pressed play. Today, digital music delivers rich metadata on everything from the artist and lyrics to recommendations for other music to suit my taste. Similarly, the data we can access about our technology assets has evolved, providing insights that we use to detect and mitigate cybersecurity threats and intrusions.

Continuous Diagnostics and Mitigation (CDM) and robust knowledge management in the form of Intelligence-Driven Defense are the streaming music service of network defense and mature cybersecurity. A given asset, such as an employee’s computer, has an IP or MAC address, but as with the sound on the cassette tape, the IP address alone provides little context. CDM provides capabilities and tools that identify cybersecurity risks on an ongoing basis, prioritize those risks, and enable cybersecurity teams to mitigate the most significant issues first.

When have you heard that track before, or noticed similar incidents? And where did the two incidents diverge? For the IP address of an asset, what else do you know about that asset that will help you defend it properly? Who owns it? From where does that person usually connect?

Let’s take a look at an intrusion. One aspect may be new (the email content, the malicious code, or the IP address), but there are generally familiar phenomena that connect it to past intrusions. By comparison, you realize that this incident could be the same intruder attacking you from another angle. With that knowledge, you’re better prepared to handle the incident. You’ve also collected more intelligence about your intruder’s motivations that you can use to thwart future attempts.

With CDM, you are able to determine with confidence that the test asset sitting in storage may forgo a patch, while the asset connected to the human resources database carries a dangerous vulnerability in need of immediate mitigation. You are able to deploy resources to the activities that need them most, saving you time and money.
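To make that prioritization concrete, here is an added Python illustration (not Lockheed Martin's or any CDM product's code) of enriching a bare IP address with inventory context before ranking findings; the inventory, finding identifiers, score weights and owner locations are all constructed for the example.

```python
"""Contextual risk ranking: a finding's severity alone is the 'cassette tape';
the asset inventory below is the metadata that tells you what to fix first.
All data and weights here are constructed assumptions, not from any real tool."""
from dataclasses import dataclass, field


@dataclass
class Asset:
    hostname: str
    owner: str
    usual_locations: set          # where the owner normally connects from
    online: bool                  # False = sitting in storage
    connected_systems: set = field(default_factory=set)


# Constructed inventory keyed by IP address (the bare identifier an alert gives you).
INVENTORY = {
    "10.0.5.17": Asset("lab-test-07", "qa-team", {"lab"}, online=False),
    "10.0.2.44": Asset("hr-app-01", "hr-ops", {"hq"}, online=True,
                       connected_systems={"hr-database"}),
    "10.0.9.3": Asset("dev-laptop-3", "alice", {"hq", "home"}, online=True),
}

# Assumed weights: extra risk for reaching systems that hold sensitive data.
SENSITIVE_SYSTEMS = {"hr-database": 40, "finance-ledger": 35}


def contextual_score(ip, cvss):
    """Combine a finding's CVSS (0-10) with asset context; returns (score, reasons)."""
    asset = INVENTORY.get(ip)
    if asset is None:
        return cvss * 10, ["asset not in inventory: a visibility gap, triage manually"]
    score, reasons = cvss * 10, []
    if not asset.online:
        score *= 0.2   # offline test gear: patch it when it is reconnected
        reasons.append("asset offline/in storage")
    for system in asset.connected_systems:
        if system in SENSITIVE_SYSTEMS:
            score += SENSITIVE_SYSTEMS[system]
            reasons.append(f"reaches sensitive system {system}")
    return round(score), reasons


def prioritize(findings):
    """findings: list of (ip, finding_id, cvss). Returns rows sorted highest risk first."""
    rows = [(ip, fid, *contextual_score(ip, cvss)) for ip, fid, cvss in findings]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def unusual_login(ip, location):
    """True when a connection comes from a place the asset's owner does not usually use."""
    asset = INVENTORY.get(ip)
    return asset is not None and location not in asset.usual_locations


# Constructed findings; by CVSS alone the offline lab box would top the list.
FINDINGS = [("10.0.5.17", "finding-A", 9.8), ("10.0.2.44", "finding-B", 7.5),
            ("10.0.9.3", "finding-C", 8.1)]
```

With context applied, `prioritize(FINDINGS)` puts hr-app-01 first and the offline lab asset last, the opposite of a severity-only ranking.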

CDM optimizes IT spending, prioritizes remediation, and defends precious personally identifiable information, intellectual property, and other data. That’s music to my ears.


Greg Boison is the Lockheed Martin director of Homeland and Cyber Security. He leads a team of more than seven hundred employees and subcontractors supporting the Department of Homeland Security and Federal cyber customers.


Follow him on Twitter @gregboison

September 11, 2014
