
Five wine-tasting tips that should be applied to network security

25 May 2020

Article by Gigamon CMO Karl Van den Bergh.

Let’s take a deep dive into what ‘visibility’ really means when protecting a network, and how it takes more than experience to truly understand and analyse incoming threats.

Much like a blind wine tasting, we need to keep an open mind and trust what the data is telling us without being biased by previous results.

There are many comparisons to be made for identifying blind spots in network security,  but my absolute favourite is the black wine glass, inspired by a recent tasting event.

During a trip to a certain vineyard, the guide shared a story of black glass wine tests, in which connoisseurs must determine what they’re sipping without seeing it first. Despite being able to smell and taste each pour, even sommeliers have a hard time discerning between varietals in a legitimate blind tasting.

This got me thinking about the seasoned NetOps and SecOps professionals who deal with incoming threats each day.

Much like a master sommelier, these folks really know their stuff. They’ve had years of rigorous testing and training. They’ve seen it all and know what to look for. They are, without doubt, the master sommeliers of networking and security. But when these experts rely too heavily on their own previous experiences, they may end up missing the mark.

Here are five wine tasting tips that can help us to detect network security risks more accurately.

1. Never assume to know the outcome

What’s that old saying about assumptions making something out of us?

There’s a reason why bold declarations can backfire, and it’s usually because they’re easily challenged. Much like the US red and white wine fiasco, which resulted in major hurt feelings for esteemed connoisseurs, surmising where the biggest security risks lie can have a devastating effect, even for total pros.

The bias that comes into play in security is that decisions often aren’t made based on data; instead they’re made from the heart — and then even security professionals go looking for evidence that supports the decision already made.

But a good security person knows this. They understand that while experience serves them well, it doesn’t get them all the way there. Although they will first check where their gut tells them, they will also begin digging in other unlikely places.

Tasting notes: Making assumptions can quickly put an organisation at risk. Instead, consider all the evidence, not just the pieces experienced personally, before drawing any conclusions.

2. Use everything available when analysing the data

If the black-glass wine tastings proved anything, it’s that seeing is a crucial first step in accurately determining what’s actually in the glass. Without being able to look at the wine, a sommelier has zero chance of detecting nuances in colour, clarity or density. When there’s no visibility, the other senses have a harder time guessing the wine accurately, because there’s now a disconnect.

The same is true when protecting a network. First, total visibility is essential in order for the rest of a toolset to work effectively, while also recognising that no single tool will solve the entire problem.

Relying exclusively on a firewall, antivirus or SIEM is a sure way to fail because these tools often miss what’s happening in between. To make the best possible choice, we need to use everything at our disposal, including network detection and response, to ensure that the information is as complete as possible.

Tasting notes: Without a comprehensive solution, we’re only scratching — or sniffing, if you will — the surface.

3. Always keep an open mind

Even master sommeliers can miss the mark if they are quick to judge what they see. It’s common to associate the colour of a wine with certain tasting notes, be it red (bold, velvety, earthy) or white (crisp, buttery, flowery). Like it or not, there’s an entire flavour profile, from bouquet to finish, that’s already being mostly predetermined in our minds from the moment we see the colour.

Something similar happens to our brains in network security when we’re accustomed to spotting threats in the same places. The common problem areas should still be assessed, but making them the sole focus can mean overlooking other danger zones.

In order to decrease security risks and avoid costly network problems we must keep an open mind to what the data actually shows versus what we’ve been conditioned to expect, along with the next logical steps that should be considered.

This doesn’t mean leaving years of experience at the door, but instead injecting some variety or chance into the discovery process, to see what else we may discover. In this way we are likely to catch a threat that was right there, where it was least expected.

Tasting notes: Relying on historical results will inevitably bias us; learn to look at the data from all angles.

4. Leave judgements at the door

It’s been said that the more training a wine connoisseur has, the more mistakes he or she is likely to make. These are words to live by, and not just when drinking wine.

Just as sommeliers are easily influenced by the colour of a wine, security professionals are influenced by what they see on their network day in and day out, and then use that information to determine the risk level of the potential threat.

But it really doesn’t matter how sharp our judgment is or isn’t — we still need holistic solutions that allow us to see everything happening on our network.

Tasting notes: Perceptions are personal and influence conclusions. To truly see what’s in front of us, we need to step outside our bubble.

5. Don’t be fooled by what we see

Some wineries rely on imported grapes to achieve desired results. While these methods often make for a palatable pour, they’re not exactly authentic.

A threat actor’s preferred tactic works similarly. By misusing tools that are mostly benign, threat actors can hide in plain sight. NetOps and SecOps professionals must be careful, as a small blip that is normally benign may be suspicious activity, even when it looks identical to the everyday traffic around it.

When security professionals are looking at the data they’re analysing, they need to combine tools, knowledge and experience to discern a genuine threat from authentic activity.

Tasting notes: The best security teams look for threats in other areas, not just where they’ve previously occurred, but in unlikely places, too.

In vino veritas

Absolute certainty is clearly an absolutely terrible approach to both wine tasting and network security. Rather than relying solely on years of training and experience, security pros must be sure they have a network visibility solution that brings blind spots to the surface, then step out of their comfort zone when assessing the information.

They must use every tool at their disposal to collate all the information needed in order to get the full story, because that story changes dramatically based on the volume of information gleaned.
