Why IT Needs a Culture of Healthy Paranoia

There are three words to explain why IT professionals need a dose of healthy paranoia: Advanced. Persistent. Threat.

The term "advanced persistent threat" was coined in 2006 to distinguish long-running, targeted intrusions from hacktivism and opportunistic attacks. Advanced persistent threats bypass or thwart traditional IT security tools such as IPS/IDS and firewalls by riding over approved ports and protocols, using stolen credentials, and even using stolen private keys. These campaigns run for months, even years, and are therefore usually attributed to state-sponsored organizations or well-organized criminal groups intent on stealing valuable data.

Advanced persistent threats have grabbed significant attention in recent weeks. Consider the following headlines:

If you work in IT, the first reaction to stories like these is to wince at others' misfortune, much as you do when driving past a traffic accident. There is a sensational feel to these attacks, and one has to credit the attackers for their inventiveness and patience. In many cases, the targets did not discover the breach until weeks or months afterwards.

How Wire Data Analytics Can Help

In response to this threat, IT organizations can no longer concentrate their defenses only at the perimeter of the network. In addition to traditional perimeter defenses, IT professionals need to identify abnormal and suspicious behavior inside the perimeter, even when it appears to come from an approved user with valid credentials. In other words, a little more paranoia is needed in enterprise IT, especially if your organization deals in data that would be valuable to state-sponsored or criminal groups.

This geomap shows the geographic origin of SSL heartbeat messages, in this case coming from Kiev, Ukraine.

ExtraHop equips security-conscious IT teams with the context and visibility they need to understand what counts as abnormal and suspicious behavior. As Solutions Architect John Smith wrote earlier, ExtraHop works like CCTV for your datacenter and helps to spot data exfiltration. Vincent Yesue, another member of the Solutions Architecture team, wrote a separate post about how to create rule sets that define and alert on abnormal activity using ExtraHop.
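As an added illustration (this is not ExtraHop's own code or the free Heartbleed detector it offers), here is the kind of rule a wire data tool applies to the SSL heartbeat messages plotted in the geomap above: split the raw TLS byte stream into records, and flag any heartbeat whose declared payload length exceeds what the record actually carries after its 3-byte header and the 16 bytes of padding RFC 6520 requires. The sample bytes, the source address and the record layout are constructed for the example; a real deployment would feed this from reassembled TLS streams per flow.

```python
import struct

# TLS record content type for heartbeat messages (RFC 6520).
TLS_HEARTBEAT = 0x18
# RFC 6520 requires at least 16 bytes of padding after the payload.
MIN_PADDING = 16
HB_TYPES = {1: "request", 2: "response"}


def parse_tls_records(data: bytes):
    """Split a raw TLS byte stream into (content_type, version, body) tuples.

    A trailing record whose declared length exceeds the remaining bytes is
    returned as-is, with a body shorter than its header claims.
    """
    records = []
    off = 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        records.append((ctype, version, body))
        off += 5 + length
    return records


def check_heartbeat(body: bytes):
    """Classify one heartbeat message body.

    A well-formed message is: type(1) || payload_length(2) || payload || padding(>=16).
    If payload_length claims more bytes than the record actually carries after
    the 3-byte header and minimum padding, the message has the Heartbleed shape:
    a vulnerable peer would echo payload_length bytes copied from its own
    memory, far beyond what the sender supplied.
    """
    if len(body) < 3:
        return {"verdict": "truncated", "claimed": None, "available": 0}
    hb_type = body[0]
    claimed = struct.unpack("!H", body[1:3])[0]
    available = len(body) - 3 - MIN_PADDING
    verdict = "malformed" if claimed > available else "ok"
    return {
        "verdict": verdict,
        "type": HB_TYPES.get(hb_type, "unknown"),
        "claimed": claimed,
        "available": max(available, 0),
    }


def scan_stream(data: bytes, src: str):
    """Return one alert dict per heartbeat record in data; other record types are ignored."""
    alerts = []
    for ctype, version, body in parse_tls_records(data):
        if ctype != TLS_HEARTBEAT:
            continue
        result = check_heartbeat(body)
        result["src"] = src          # hypothetical client address from the flow
        result["version"] = "%d.%d" % (version >> 8, version & 0xFF)
        alerts.append(result)
    return alerts


# Constructed sample traffic (not real captures):
# 1) a benign 4-byte heartbeat request with the required 16 bytes of padding
BENIGN = b"\x18\x03\x02\x00\x17" + b"\x01\x00\x04ping" + b"\x00" * 16
# 2) an application-data record that a heartbeat detector should skip
APPDATA = b"\x17\x03\x02\x00\x05hello"
# 3) a heartbeat request claiming a 16384-byte payload inside a 3-byte record
PROBE = b"\x18\x03\x02\x00\x03\x01\x40\x00"

SAMPLE_STREAM = BENIGN + APPDATA + PROBE

if __name__ == "__main__":
    for alert in scan_stream(SAMPLE_STREAM, "198.51.100.7"):
        print(alert)
```

The geographic attribution shown in the figure is a separate step: the flagged record's source address is looked up in a GeoIP database and plotted, which this snippet does not do. Note that the check works on the request alone, so it fires whether or not the server on the other side is actually vulnerable; that is the right behavior for a detector, since an unsolicited probe of this shape is suspicious regardless of the outcome.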

Related: Detect Heartbleed Exploits with ExtraHop's Free Download
If you are interested in learning more about how to apply wire data analytics to your InfoSec practice, please do not hesitate to contact us. We would be happy to discuss our product capabilities as well as set up a discovery call with our Solutions Architecture team.
