How it Works: Cybersecurity

Cybercrime is a global problem that's been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks and governments. Today's organized cyber crimes far outshadow the lone hackers of the past. Now large organized crime rings function like startups and often employ highly trained developers who are constantly innovating online attacks. Most companies have preventive security software to stop these types of attacks, but no matter how secure we are, cybercrime is going to happen.

Meet Mia. She's the chief security officer for a company that makes a mobile app to help customers track and manage their finances, so security is a top priority. Mia's company has an incident response platform in place that automates the entire cybersecurity process. The IRP software integrates all the security and IT software needed to keep a large company like Mia's secured into a single dashboard, and acts as a hub for the people, processes and technology needed to respond to and contain cyber attacks. Let's see how this platform works in the case of a security breach.

While Mia is on vacation, irregular activity occurs on her account. A user behavior analytics engine that monitors account activity recognises the suspicious behavior, involving late-night logins and an unusual amount of data being downloaded. This piece of software is the first signal that something is wrong. An alert is sent to the next piece of software in the chain: the security information and event management system.
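The two signals the narration attributes to the user behavior analytics engine, late-night logins and an unusual volume of downloads, can be expressed as a small per-user baseline check. The block below is an added illustration written for this transcript, not code from the video or from any product it describes; the log format, the 00:00-05:59 "late night" window, the 10x volume factor and the sample log lines are all constructed assumptions.

```python
"""Illustrative user-behaviour-analytics check (added example, hypothetical log format)."""
from collections import defaultdict
from datetime import date, datetime
from statistics import median

# Constructed sample log lines: timestamp, user, event type, source IP, bytes moved.
# The first three days establish Mia's normal pattern; 2019-03-11 is the anomalous day.
SAMPLE_LOG = """\
2019-03-04T09:12:44 user=mia event=login src=10.0.4.21 bytes=0
2019-03-04T09:40:02 user=mia event=download src=10.0.4.21 bytes=1200000
2019-03-05T08:58:10 user=mia event=login src=10.0.4.21 bytes=0
2019-03-05T10:15:33 user=mia event=download src=10.0.4.21 bytes=900000
2019-03-06T09:05:51 user=mia event=login src=10.0.4.21 bytes=0
2019-03-06T11:30:00 user=mia event=download src=10.0.4.21 bytes=1500000
2019-03-11T02:17:09 user=mia event=login src=198.51.100.7 bytes=0
2019-03-11T02:19:40 user=mia event=download src=198.51.100.7 bytes=48000000
2019-03-11T02:41:12 user=mia event=download src=198.51.100.7 bytes=52000000
2019-03-11T09:02:30 user=dave event=login src=10.0.4.33 bytes=0
2019-03-11T09:30:00 user=dave event=download src=10.0.4.33 bytes=700000
"""

LATE_NIGHT_HOURS = range(0, 6)  # 00:00-05:59; an assumption for this example
VOLUME_FACTOR = 10              # flag a day with > 10x the user's median daily download (assumption)


def parse_events(text):
    """Parse the constructed key=value log format into dicts with typed fields."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({
            "ts": datetime.fromisoformat(ts),
            "user": kv["user"],
            "event": kv["event"],
            "src": kv["src"],
            "bytes": int(kv["bytes"]),
        })
    return events


def build_baseline(events):
    """Per user: the login hours seen so far and the median bytes downloaded per day."""
    login_hours = defaultdict(set)
    daily_bytes = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["event"] == "login":
            login_hours[e["user"]].add(e["ts"].hour)
        elif e["event"] == "download":
            daily_bytes[e["user"]][e["ts"].date()] += e["bytes"]
    baseline = {}
    for user in set(login_hours) | set(daily_bytes):
        totals = list(daily_bytes[user].values()) or [0]
        baseline[user] = {"login_hours": login_hours[user], "median_daily_bytes": median(totals)}
    return baseline


def detect(events, day, volume_factor=VOLUME_FACTOR):
    """Compare one day's activity (day as 'YYYY-MM-DD') against the baseline built from earlier days."""
    day = date.fromisoformat(day)
    baseline = build_baseline([e for e in events if e["ts"].date() < day])
    per_user = defaultdict(list)
    for e in events:
        if e["ts"].date() == day:
            per_user[e["user"]].append(e)

    alerts = []
    for user in sorted(per_user):
        todays = per_user[user]
        known = baseline.get(user, {"login_hours": set(), "median_daily_bytes": 0})
        reasons = []
        # A login is suspicious when it falls in the late-night window and the user has
        # never been seen logging in at that hour before.
        if any(e["ts"].hour in LATE_NIGHT_HOURS and e["ts"].hour not in known["login_hours"]
               for e in todays if e["event"] == "login"):
            reasons.append("late-night login")
        # Volume is judged only for users with history; a brand-new user has no baseline.
        downloaded = sum(e["bytes"] for e in todays if e["event"] == "download")
        if known["median_daily_bytes"] > 0 and downloaded > volume_factor * known["median_daily_bytes"]:
            reasons.append("unusual download volume")
        if reasons:
            alerts.append({"user": user, "reasons": reasons,
                           "src": {e["src"] for e in todays}, "bytes": downloaded})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG), "2019-03-11"):
        print(alert)
```

The alert record carries the source IP so that the next stage in the chain (the SIEM and then the IRP) has something to hand to a threat intelligence lookup; that is the hand-off the narration describes.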

Now the IRP can orchestrate a chain of events that ultimately prevents the company from encountering a serious security disaster. The IRP connects to the user directory software that Mia's company uses, which immediately recognizes that the user account belongs to an executive who's on vacation. Next, the IRP sends the incident's IP address to a threat intelligence software, which identifies the address as a suspected malware server. As each piece of security software runs, the findings are recorded in the IRP's incident, which is already busy creating a set of instructions called a playbook for a security analyst to follow. The analyst then locks Mia's account and changes her passwords. By this time the software has determined the attempted attack came from a well-known cybercrime organization using stolen credentials. Mia's credentials were stolen when the hackers found a vulnerability in her company's firewall software and used it to upload a malware-infected file.

Now that we know how the attack happened, the analyst uses the IRP to identify the specific server vulnerability that allowed the attack, what other machines on the network are vulnerable, and the malware file. The IRP uses information from the endpoint tool to determine which machines need to be patched, recommends how to patch them, and then allows the analyst to push the patches to all the computers and mobile devices instantly.

Meanwhile, Mia has to alert the legal department of the breach. The IRP instantly notifies the correct person of the situation and the status of the incident. After the attack is contained and Mia's account is secured, the analyst communicates which data may have been stolen or compromised during the incident. He identifies which geographies, jurisdictions and regulatory agencies cover the users and information affected by the attack. Then the IRP creates a series of tasks so the organization can notify the affected parties and follow all relevant compliance and liability procedures. In the past, a security breach this large would have required Mia's company to involve several agencies and third parties to solve the problem, a process that could have taken months or longer.
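The enrichment and playbook steps described above (directory lookup, threat intelligence lookup, findings recorded on the incident, a task list generated for the analyst) follow a simple orchestration pattern. The block below is an added sketch of that pattern for this transcript, not code from the video or from any incident response product; the directory entries, the threat-intel feed, the severity rules and the task wording are constructed assumptions, and the incident id is a placeholder.

```python
"""Illustrative IRP-style enrichment and playbook generation (added example, hypothetical data)."""

# Constructed sample data standing in for the user directory and a threat-intel feed.
DIRECTORY = {
    "mia":  {"title": "Chief Security Officer", "executive": True,  "out_of_office": True},
    "dave": {"title": "Support Engineer",       "executive": False, "out_of_office": False},
}
THREAT_INTEL = {
    "198.51.100.7": {"verdict": "suspected malware server", "confidence": "high"},
}


def new_incident(alert):
    """Open an incident record from a UBA/SIEM alert of the form {user, reasons, src}."""
    return {
        "id": "INC-EXAMPLE-0001",          # placeholder id, not a real ticket number
        "user": alert["user"],
        "src_ips": sorted(alert["src"]),
        "reasons": list(alert["reasons"]),
        "findings": [],                    # (source tool, statement) pairs, appended as tools run
        "severity": "medium",
    }


def enrich_with_directory(incident, directory):
    """Record who owns the account and whether they should be active right now."""
    entry = directory.get(incident["user"])
    if entry is None:
        incident["findings"].append(("directory", "account owner not found in directory"))
        return incident
    if entry["executive"]:
        incident["findings"].append(("directory", "account belongs to an executive"))
    if entry["out_of_office"]:
        incident["findings"].append(("directory", "account owner is out of office"))
    return incident


def enrich_with_threat_intel(incident, feed):
    """Look each source IP up in the feed and record any verdict."""
    for ip in incident["src_ips"]:
        hit = feed.get(ip)
        if hit:
            incident["findings"].append(
                ("threat_intel", f"{ip} is a {hit['verdict']} ({hit['confidence']} confidence)"))
    return incident


def assess_severity(incident):
    """Escalate when the account is sensitive and/or the source is known-bad (assumed rules)."""
    sensitive = any(s == "directory" and "executive" in text for s, text in incident["findings"])
    known_bad = any(s == "threat_intel" for s, _ in incident["findings"])
    if sensitive and known_bad:
        incident["severity"] = "critical"
    elif sensitive or known_bad:
        incident["severity"] = "high"
    return incident


def triage(alert, directory=DIRECTORY, feed=THREAT_INTEL):
    """Run the enrichment chain in order, as the IRP would on receipt of the alert."""
    incident = new_incident(alert)
    enrich_with_directory(incident, directory)
    enrich_with_threat_intel(incident, feed)
    return assess_severity(incident)


def build_playbook(incident):
    """Turn the findings into an ordered task list for the analyst; containment comes first."""
    user = incident["user"]
    tasks = [f"Lock account {user}", f"Reset credentials for {user}"]
    if incident["severity"] in ("high", "critical"):
        tasks += ["Identify the vulnerability that allowed initial access and other exposed hosts",
                  "Push patches to affected endpoints"]
    if any(s == "directory" and "executive" in text for s, text in incident["findings"]):
        tasks.append("Notify legal department")
    tasks += ["Determine which data was accessed or exfiltrated",
              "Map affected users and data to jurisdictions and regulators",
              "Notify affected parties"]
    return tasks


if __name__ == "__main__":
    inc = triage({"user": "mia", "reasons": ["late-night login", "unusual download volume"],
                  "src": {"198.51.100.7"}})
    for finding in inc["findings"]:
        print(finding)
    print(inc["severity"])
    for step, task in enumerate(build_playbook(inc), 1):
        print(f"{step}. {task}")
```

Each enrichment function appends to the same incident record rather than returning a separate result, which is what lets the playbook builder reason over everything the earlier tools found.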

In a matter of hours, the Incident Response platform organized all of the people, processes and technology to identify and contain the problem, find the source of the attack, fix the vulnerability, and notify all affected parties. And in the future, Mia and her team will be able to turn to cognitive security tools. These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of information. This knowledge will uncover new insights and patterns, anticipate, isolate and minimize attacks as they happen, and immediately recommend actions for security professionals to take, keeping data safe and companies like Mia's out of the headlines.