The thought struck me recently that an experience I often had while growing up has a number of parallels to targeted attacks and advanced threats. This is a confession that is long overdue, but as a child, I often stole the fresh-baked cookies my mother made. (Hopefully my mother won’t be reading this.)
Looking back, I recall possessing the tenacity of a rabid dog with my drive and desire to satisfy my taste buds with the flavor of freshly baked peanut butter, chocolate chip or oatmeal cookies. Further, I had a variety of methods I utilized to score a cookie hit. I am not going to list all my methods, as the last thing I need is my wife, who also makes amazing baked goods, to know all my tricks of the trade. But going back to my childhood, here are a few tried and true methods for kids to successfully hack a cookie:
- stand on a kitchen chair to reach the forbidden cookie jar
- use a broom or mop handle to move the cookie jar to the edge of the counter… reach up to put it on its side… pull out a few cookies… tip the jar back up then move it back in place using the same broom or mop handle (voice of experience warning: be sure to wipe off any crumbs that came out of the jar from the counter… and the floor)
- sneak the fresh-out-of-the-oven creations off the cookie sheet while they are cooling
- and many… many… many more.
Now to the point: what does this have to do with targeted attacks and advanced threats? Well, it struck me that my mother became very adept at monitoring for sounds of moving kitchen chairs, the creak of the closet door opening as I reached for a broom handle and the oven door opening as I tried to sneak a warm cookie just before the buzzer. Further, she was adept at sniffing out a repeat of previous ‘cookie attack methods’ – the varying paths I would take to get to the cookies and, with the efficiency of a hunting dog, could sniff out my attempts to ‘social engineer’ an attack commencing with a diversionary “I love you Mom” and a simultaneous big hug while one hand reached behind her back for a cookie.
The fact is that attackers, like self-confessed cookie monsters such as yours truly, are motivated by one thing. Despite what some may want you to believe, turning your data, intellectual property and communications into cash and/or intelligence is what “pays their bills.” As such, attackers will use a variety of means and methods to breach your networks.
Just as my mother would have failed to detect and prevent cookie theft, had she only monitored the movement of kitchen chairs, closet doors, or the oven door opening, part of establishing an effective defense against targeted attacks and advanced threats mandates monitoring a broad attack surface. Plain and simple, given the voracious appetites and tenacious dedication of both cookie thieves, and those who want to breach your networks and steal your data, wherever you are not watching is where the “cookies” will disappear.
Key considerations why you want Deep Discovery on your short list:
- Unlike the other guy who can monitor only three things, Deep Discovery monitors more than 80 protocols and applications
- Unlike the other guy who only monitors a handful of ports, Deep Discovery monitors 65,000
- Unlike the other guy who sells three separate appliances… one for each of the protocols they monitor, Deep Discovery is a “full meal deal” – all in a single appliance, meaning all ports and more than 80 protocols and applications are monitored.
Why does this matter to you? Quite simply: Deep Discovery provides superior detection of targeted attacks and advanced threats at a much lower cost of ownership than the other guy – exactly as indicated in the recent NSS Labs Breach Detection System Comparison Report.
In short, given the recent NSS Labs Breach Detection Test Results, and the attempts by some who appear to suggest “cookie monsters” only use three protocols to quarry their favorite “chocolate chip cookies,” it is key that we all be wary of the hype, and take stock in the ‘caution’ signs. By comparison, here is a sign you can trust.
NSS Labs Blog: https://www.nsslabs.com/blog/dont-shoot-messenger
Why Deep Discovery is Better: http://www.trendmicro.com/us/enterprise/security-risk-management/deep-discovery/#why-its-better