Below are some security best practices as told by Mr. Robot – the popular TV series about hacking, currently wrapping up its second season. By taking such simple steps, security professionals can make significant improvements to their security posture.
And the best way to implement these steps is to leverage Demisto’s solution. As a security analyst or SOC manager, you can use Demisto’s automated incident response platform to manage the deluge of events that come in every week and be best prepared when breaches occur. The product provides a competitive advantage that is unrivaled in the industry.
1. "We’re at war."
One skirmish does not win a war. You might be successful at fending off an attack, but the hackers will return. Because the war is never-ending, you can’t afford to drop your guard just because you have won a battle or two.
2. "Control is an illusion."
Sooner or later, you are going to get hacked — if it has not already happened. You cannot control the enterprise network or hackers. The only way to control the situation is to accept that you have no control, be prepared for when attacks hit, and limit the damage.
3. "No one is immune."
Some SOC managers fall into a false sense of security, believing that hackers aren’t interested in their organization. They reason that since the company does not maintain files on customers' credit cards, have an extensive research program, or deal with confidential data, it is safe from hackers. However, considering all of the data stored on servers, including personnel records, vendor information and employee passwords, it is easy to see that there are tidbits of information that hackers would want. The "it can't happen here" mentality can have dire consequences.
4. "And unfortunately, we're all human."
Humans make mistakes. They overlook an important detail buried in large volumes of alerts and security data. Nobody is perfect, and with the vast number of variables that SOC managers must consider, the chances are high that something will be missed sooner or later.
5. "Defeats can still be profitable."
Sometimes, despite your vigilance and best efforts, hackers succeed. When this happens, use the experience to improve response procedures. Evaluate what happened, what went wrong, what went right, and plan for a better response next time.
6. "The devil is strongest while you’re distracted."
Today's hackers have top-notch skills. Feigning one type of attack as a distraction while they carry out a much more devastating attack is well within their abilities. An innocent-looking snippet of code that masks a destructive worm is another possibility. Bad guys use smoke and mirrors to keep you from looking in the right places, similar to the way a stage magician directs the audience’s attention to one hand while he manipulates his props with the other.
7. "The python approach: lie and wait for the right moment to strike."
As predators go, pythons are remarkably patient. Once they decide that the time is right to strike, they seldom miss. There are some hackers with infinite patience as well. Organizations may have ticking time bombs in their systems, but aren’t aware that they have been hacked because the trigger event hasn’t occurred yet.
8. "The devil you know is better than the devil you don't."
It is always better to deal with someone or something that is known, rather than deal with the unfamiliar. SOC managers often stay current on identified vulnerabilities that hackers are exploiting and the various methods that they are using to breach security. However, consider trying to "think like a hacker" to identify what hackers might want from the organization. How could they circumvent the safeguards? What threat surfaces would be the most likely point of attack? Putting oneself in the hacker's shoes can result in knowledge that can be used to ward off attackers.
9. "Are you a one or a zero?"
Mr. Robot asks this question when he confronts Elliot about his indecision over joining the hacktivists. In other words, "Are you in or out?" As a SOC manager, you must be ready to do what it takes to protect the organization instead of employing a "wait and see" approach.
If you are ready to be proactive, then you need to be prepared to respond to incidents in a timely, efficient and logical manner. Your organization will need an incident response plan, a qualified response team and test runs to ensure that the team knows what to do and how to react to every type of incident. This can help avoid having to hear yet another quote from "Mr. Robot," which is: "I don’t know what I’m supposed to do."
So take advantage of the Demisto solution to best respond to sophisticated attacks. You’ll mitigate risk, save money, and safeguard your company’s reputation.
Demisto is an incident response platform that combines security orchestration, automation, and decision support for managing all alerts. Companies using Demisto can get the most out of every security product in their arsenal, including SIEM, endpoint and network security, and malware analysis. This breadth of product integration provides a competitive advantage over hackers while improving analyst efficiency.