When even a top security company needs to be told by the FBI that they’ve been hacked, you have to realize that something’s simply missing in the way everyone is approaching cyber threat visibility.
It turns out that it’s not so unusual for an outsider to tell a company they’ve been hacked. In spite of all the spending and tools at large companies, Mandiant reports that 38% of companies breached are told so by outsiders.
The Use Case
The press release about the breach points to an attack known as ‘password spraying.’ Password spraying is the opposite of a brute force attack. A brute force attack tries lots of passwords against a single user account. A password spraying attack tries a small number of (common) passwords against a large number of user accounts (hoping to find an account using a weak password).
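An added example (not from the original post) of why that difference matters for detection: a per-account failure counter catches the brute force pattern but misses a spray, while grouping failed logins by source exposes it. The log format, thresholds, addresses and account names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed failed-login lines (format, addresses and names are made up).
def make_line(minute, src, user):
    return f"2024-01-01T10:{minute:02d}:00Z LOGIN_FAILED src={src} user={user}"

SAMPLE_LOG = (
    [make_line(i, "203.0.113.7", f"user{i:02d}") for i in range(15)]   # 15 accounts, 1 try each
    + [make_line(i % 60, "198.51.100.9", "alice") for i in range(30)]  # 1 account, 30 tries
    + [make_line(5, "192.0.2.44", "bob")] * 2                          # ordinary typos
)

LINE_RE = re.compile(r"LOGIN_FAILED src=(\S+) user=(\S+)")
LOCKOUT_LIMIT = 5  # assumed per-account lockout threshold


def classify_sources(lines, min_accounts=10, brute_tries=20):
    """Label each source address by the shape of its failed logins."""
    per_source = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            per_source[m.group(1)][m.group(2)] += 1
    verdicts = {}
    for src, counts in per_source.items():
        heaviest = max(counts.values())
        if len(counts) >= min_accounts and heaviest < LOCKOUT_LIMIT:
            verdicts[src] = "password_spray"   # wide and shallow
        elif heaviest >= brute_tries:
            verdicts[src] = "brute_force"      # narrow and deep
        else:
            verdicts[src] = "normal"
    return verdicts


def accounts_tripping_lockout(lines):
    """What a per-account failure counter alone would flag."""
    per_user = defaultdict(int)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            per_user[m.group(2)] += 1
    return sorted(u for u, n in per_user.items() if n >= LOCKOUT_LIMIT)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_LOG))
    print(accounts_tripping_lockout(SAMPLE_LOG))
```

In the sample, only the brute-forced account trips the lockout counter; none of the 15 sprayed accounts does, which is why the by-source view is needed.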
These days, it’s easy to find available passwords on the dark web. Just like our security chatbot will warn users how many times their password has been found on the dark web, attackers can find popular passwords on the dark web to use in password spraying attacks.
Our user awareness solution helps companies coach users using real-time threat data for password, IP, device, location, browser vulnerabilities (and more). Any time users are part of the “how do we stay secure” answer… real-time data helping users make better security decisions is going to help.
But there’s a more general observation that can be made, considering how many companies with lots of security software and great security teams don’t even know they’ve been hacked.
The Blind Spot
There’s a visibility blind spot beyond your endpoint. Companies should want to stop threats before they get into their networks, yet all monitoring starts with the endpoint and works its way in. At that point it’s too late.
On top of that, there’s not a lot of real-time visibility into threats. There’s real-time visibility into security events (possible breaches), but not into threats. Threat information is missing because there’s no visibility beyond the endpoint.
Let me give an example.
A customer of your e-commerce platform is connecting in from their home. What’s the threat that customer presents?
They’re not an employee so there’s no endpoint management software in place. Where has their browser been? What’s on their machine? Where else do they use your password? Is it even them, or maybe it’s one of their kids logged in as the parent?
Do you have to wait for the customer to log in for them to present a threat? No. But you have no idea who they are until they log in. What’s a security team to do?
With Cymatic Security we can give you visibility beyond your endpoints so that you get visibility into the threat the user brings to your organization. We can help you remediate threats too, but most companies are grateful just to have a more complete threat assessment — one that extends out beyond their endpoints all the way to their users (even when the users and their devices are not under IT’s control).
After all, no one wants to start their day, like the company above did, with a call from the FBI telling them they’ve been breached.