Your Incident Response Costs Will Be High Without Endpoint Visibility – Charles Leaver

Written By Kyle Flaherty And Presented By Ziften CEO Charles Leaver


July 9, 2015 was quite a day in the world of cyber security. The first thing to occur was the grounding of flights by United Airlines due to a technical problem; this was followed soon afterwards by the New York Stock Exchange (NYSE) revealing that it needed to halt trading. This report originated from the Wall Street Journal, as you would expect, and then the Journal itself went offline shortly after.

This led to total panic on the Internet! There was a huge buzz on Twitter and a great many rumors that a well-coordinated cyber attack was taking place. Individuals were jumping off the virtual bridge and declaring a virtual Armageddon.

There was general turmoil until the three companies stated publicly that the problems were not associated with cyber attacks but rather with the feared unknown “technical glitch”.

Visibility Is The Concern For Attacks Or Glitches

In today’s world it is assumed that “glitch” implies “attack”, and it is true that a good team of hackers can make the two look exactly the same. There is still no information about the events of that day, and there most likely never will be (although there are rumors of network resiliency problems with one of the largest ISPs). At the end of the day, when an incident like this occurs, every company requires answers.

Statistics suggest that incident response might cost thousands of dollars an hour, and for businesses such as United and NYSE that figure does not even account for downtime. The boards of directors at these businesses don’t want to hear that something like this will take hours, and they may not even care how it occurred; they just want it solved quickly.

This is why visibility is always in the spotlight. When an emergency strikes, it is vital that a company knows every endpoint in its environment and the contextual behavior behind those endpoints. An endpoint might be a desktop, a server, or a laptop, and it might be offline or online. In this modern era of security, where the principle of “prevent & obstruct” is no longer a sufficient strategy on its own, our ability to “quickly find & respond” has become increasingly critical.

So how are you making the transition to this new era of cyber security? How do you minimize the time it takes to figure out whether it was an attack or a glitch, and exactly what to do about it?