You’re a couple of miles underground; it’s damp, noisy and cramped, your light flickers and you have been working hard shoring up the mine. You look over and see the mine canary, flat on the bottom of its cage, and now you have a limited amount of time to locate a source of good air, knowing that carbon monoxide has already begun to build up in your system.
In the scenario above, a lucky miner avoided death. In some cases, the miner could revive the canary if they had a resuscitation cage that delivered oxygen to the canary, and both would survive for another day of mining.
Canaries in mines are a real thing – a number of sentinel species, including rats and mice, were used as biological danger detectors. You might be surprised to learn that the last mine canaries used in the United Kingdom were phased out in the latter part of 1986.
Whoa! I was surprised by this fact as well; surely, one would think, we were not using canaries in mines in the ’80s! By 1986, I had already served three years overseas in the US Army. Imagine the internet with around 100 nodes! In 1986 MILNET had been separated from the ARPANET, severed for security reasons. It is also the year when an infamous short essay, known as “The Hacker’s Manifesto”, was published – one that would set the stage for years to come.
What are the sentinel species that give CISOs a good indicator of their overall security health? An IDS, a firewall, or possibly a threat analytics platform? How quickly does your early warning system check for exposure? How deep is the analysis? Are you more likely to find out after the fact than proactively?
Fast forward to today’s sentinel species in the mines of corporate data. How many canaries are installed and monitored today? Write them down. If you do not know, ask your CISO, security executive or whoever is responsible for keeping your data secure and for managing, updating and integrating the canaries at your company. Are unwatched canaries actually canaries?
Talking recently with our CEO, Art, about current industry challenges, he highlighted a company he had visibility into. This company had about one-third of its total support call volume coming from password resets for users who had not logged in for over six months!
Keep in mind that the reason miners used canaries for so many years was that they were cheap and very reliable. Can the same be said of your canaries? How do you define “reliable” for your security systems?
Most people would naturally start by thinking about their risks, and specifically about what they rely on as indicators: a report, an alarm or some other method they have come to trust. More commonly, however, people treat the question as the starting point for confirming the need to recover from damage that is either already done or currently in progress.
If I Had a Billion Dollars
As highlighted in The Hacker News, “EINSTEIN, which is officially known as the US’ National Cybersecurity Protection System (NCPS) and has cost $5.7 billion to develop, detects only 6 percent of today’s most common security vulnerabilities and failed to detect the remaining 94 percent.” (http://thehackernews.com/2016/02/einstein-cybersecurity-firewall.html)
Let’s take a look at what happened to a well-funded organization using Einstein. Based on numerous reports of the OPM government breach, hackers likely gained access to the OPM network around May 2014, stealing credentials, planting malware and creating backdoors for exfiltration. Exfiltration took place from July 2014 through August 2014. A few months later, lateral movement landed the hackers in the Interior Department’s data center, where on December 15, 2014, they stole over 4 million records.
A 231-page report concerning the breach was released on September 7 by the US House of Representatives (https://oversight.house.gov/report/opm-data-breach-government-jeopardized-national-security-generation/). Much of it stated the obvious; however, the number two recommendation, after addressing personal competency, is a call to reprioritize federal information security efforts towards Zero Trust!
What Do Dead Canaries Mean?
The canary, in the OPM case, appeared to be fine, as the conditions that would have caused it to sway or fall from its perch were not present. More accurately, the canary noticed nothing, because its perch was set high enough in the tunnel to be unaffected by the poisonous gas.
In cybersecurity terms, a dead canary could be a real indicator or, more frequently, a false positive. On the other hand, what does a live canary tell us? How do you feel when your security indicators report that everything is OK? Is it really?
There is no doubt that our systems are getting more and more complex, and that innovation in security tools and analytics never catches up with the innovation and complexity of the threats. Management of the systems monitoring and protecting your business applications and data continues to be a weak link. While big data accelerates business and allows for faster innovation, how is that acceleration working for us when it is used against us? How do CISOs balance the cost of preventing a breach when the attackers are running their “businesses” and leveraging their competitive advantages against your business?
A Cyberthreat Defense Report highlights: “62% of respondents to the Cyberthreat Defense Report are expecting their organization will fall victim to a cyber attack in the coming year, indicating industry’s decreasing optimism in being able to defend against attacks.”
Unfortunately, the incentives work to the benefit of the growing business of cybercrime versus traditional enterprises. Not only do you have to compete in your market, but you also have to compete in the underworld market to protect your data against crime, espionage, and hacktivism – with ever-increasing costs and complexity.
What if you could reset time and simply deploy your critical applications securely by design, rather than spending years adding and integrating bolt-on solutions? What if you could deploy your virtual machines on a zero trust platform in less than 15 minutes and see what your application is exchanging data with or, more importantly, where? We can provide you with a pathway to this future, one that establishes the security that should have been in place all along but has been largely missed by the industry until now.
Let’s Retire the Canaries!
Today, business leaders can no longer assume their computers and applications are secure. They have to be secure from manufacturing to deployment, anywhere in the world, at all times, and simple to deploy and manage. It needs to be a zero trust solution, starting at implementation! This is a security approach that has been largely missed since the days of early data communications, which relied innocently on implicit trust. Let’s retire all security canaries and let them take their rightful place in history.
-Kim Ringeisen, Skyport Systems Customer Success