SecurityBrief New Zealand
New Zealand's leading source of cybersecurity and cyber-attack news

Five wine-tasting tips that should be applied to network security

By Contributor
Mon 25 May 2020

Article by Gigamon CMO Karl Van den Bergh.

Let’s take a deep dive into what ‘visibility’ really means when protecting a network, and how it takes more than experience to truly understand and analyse incoming threats.

Much like a blind wine tasting, we need to keep an open mind and trust what the data is telling us without being biased by previous results.

There are many comparisons to be made for identifying blind spots in network security, but my absolute favourite is the black wine glass, inspired by a recent tasting event.

During a trip to a certain vineyard, the guide shared a story of black glass wine tests, in which connoisseurs must determine what they’re sipping without seeing it first. Despite being able to smell and taste each pour, even sommeliers have a hard time discerning between varietals in a legitimate blind tasting.

This got me thinking about the seasoned NetOps and SecOps professionals who deal with incoming threats each day.

Much like a master sommelier, these folks really know their stuff. They’ve had years of rigorous testing and training. They’ve seen it all and know what to look for. They are, without doubt, the master sommeliers of networking and security. But when these experts rely too heavily on their own previous experiences, they may end up missing the mark.

Here are five wine tasting tips that can help us to detect network security risks more accurately.

1. Never assume to know the outcome

What’s that old saying about assumptions making something out of us?

There’s a reason why bold declarations can backfire, and it’s usually because they’re easily challenged. Much like the US red and the white wine fiasco, which resulted in major hurt feelings for esteemed connoisseurs, surmising where the biggest security risks lie can have a devastating effect, even for total pros.

The bias that comes into play in security is that decisions often aren’t made based on data; instead they’re made from the heart, and then even security professionals search for things that support the decision.

But a good security person knows this. They understand that while experience serves them well, it doesn’t get them all the way there. Although they will first check where their gut tells them, they will also begin digging in other unlikely places.

Tasting notes: Making assumptions can quickly put an organisation at risk. Instead, consider all the evidence, not just the pieces experienced personally, before making any conclusions.

2. Use everything available when analysing the data

If the black-glass wine tastings proved anything, it’s that seeing is a crucial first step in accurately determining what’s actually in the glass. Without being able to look at the wine, a sommelier has zero chance of detecting nuances in colour, clarity or density. When there’s no visibility, the other senses have a harder time accurately guessing the wine, because there’s now a disconnect.

The same is true when protecting a network. First, total visibility is essential in order for the rest of a toolset to work effectively, while also recognising that no single tool will solve the entire problem.

Relying exclusively on a firewall, antivirus or SIEM is a sure way to fail because these tools often miss what’s happening in between. To make the best possible choice, we need to use everything at our disposal, including network detection and response, to ensure that the information is as complete as possible.

Tasting notes: Without a comprehensive solution, we’re only scratching — or sniffing, if you will — the surface.

3. Always keep an open mind

Even master sommeliers can miss the mark if they are quick to judge what they see. It’s common to associate the colour of a wine with certain tasting notes, be it red (bold, velvety, earthy) or white (crisp, buttery, flowery). Like it or not, there’s an entire flavour profile, from bouquet to finish, that’s already being mostly predetermined in our minds from the moment we see the colour.

Something similar happens to our brains in network security when we’re accustomed to spotting threats in the same places. The common problem areas should still be assessed, but making them the sole focus can mean overlooking other danger zones.

In order to decrease security risks and avoid costly network problems we must keep an open mind to what the data actually shows versus what we’ve been conditioned to expect, along with the next logical steps that should be considered.

This doesn’t mean leaving years of experience at the door, but instead injecting some variety or chance into the discovery process, to see what else we may discover. In this way we are likely to catch a threat that was right there, where it was least expected.

Tasting notes: Relying on historical results will inevitably bias us; learn to look at the data from all angles.

4. Leave judgements at the door

It’s been said that the more training a wine connoisseur has, the more mistakes he or she is likely to make. These are words to live by, and not just when drinking wine.

Just as sommeliers are easily influenced by the colour of a wine, security professionals are influenced by what they see on their network day in and day out, and then use that information to determine the risk level of the potential threat.

But it really doesn’t matter how sharp our judgment is or isn’t — we still need holistic solutions that allow us to see everything happening on our network.

Tasting notes: Perceptions are personal and influence conclusions. To see truly what’s in front of us, we need to step outside our bubble.

5. Don’t be fooled by what we see

Some wineries rely on imported grapes to achieve desired results. While these methods often make for a palatable pour, they’re not exactly authentic.

A threat actor’s preferred tactic works similarly. By misusing what are mostly benign tools, threat actors can hide in plain sight. NetOps and SecOps professionals must be careful, as a small blip that is normally benign may be suspicious activity, even when it looks identical.

When security professionals are looking at the data they’re analysing, they need to combine tools, knowledge and experience to discern a genuine threat from authentic activity.

Tasting notes: The best security teams look for threats in other areas, not just where they’ve previously occurred, but in unlikely places, too.

In vino veritas

Absolute certainty is clearly an absolutely terrible approach to both wine tasting and network security. Rather than relying solely on years of training and experience, security pros must be sure they have a network visibility solution that brings blind spots to the surface, then step out of their comfort zone when assessing the information.

They must use every tool at their disposal to collate all the information needed in order to get the full story, because that story changes dramatically based on the volume of information gleaned.
