Target, JP Morgan, Anthem, Office of Personnel Management/Department of Defense, and today United Airlines. Breaking – the DoD took down the Joint Staff unclassified email network on the weekend and it remains down at time of pixel!
Bloomberg explains the strategy between the United Airlines, and other possibly connected hacks, and why you should be even more worried than you already are. What can we as individuals and companies do? Where do you start? And can you really do anything to stop hackers with unlimited resources who are patient and determined?
When it gets to ultimate Spy vs Spy hacking contests no defender can win, even with the NSA on their side, as the problems that the State Department has had with their non-classified email have demonstrated. Yet you can still be a harder target and give yourself a better chance of detecting and defeating these intrusions. There are innovative solutions from FireEye, Bromium, and Digital Guardian to the challenges presented by sophisticated attackers and APTs. Innovation, however, means nothing if you still haven’t gotten the basics right. OPM had for years had problems getting the systems to understand and document what assets it had and relied on, as detailed in repeated Inspector General reports that were never acted upon – OPM was technically operating illegally as it didn’t have Authority to Operate (ATO).
Despite years of evangelizing for IP Address Management, IT Service Management, Configuration Management (CMDB), and rigorous auditing, even Fortune 100 firms and Big 4 Accounting firms are still using spreadsheets, emails, word documents, and tribal knowledge. When your “process is in the cloud” that’s not supposed to mean that it’s just up in the air and a fog of words!
LightMesh gives you visibility of dependencies across your entire infrastructure from the ultimate end-user and the business services they rely on to physical switchports and everything in between. By integrating many different tools that are typically separate and creating connected dashboards that leverage your existing investment in monitoring and ticketing systems, LightMesh gives your entire organization real-time situational awareness through a single pane of glass.
With an easily consumable REST API and our new spreadsheet import tool, loading data can be done in a few days. Our responsive HTML 5 interface allows the entire organization to find the answers to hard questions that now require 5 separate systems that only domain experts understand. No more 7 to 18 month stand-up and adoption projects that blow your budget and don’t solve the problem in time.
LightMesh’s automation and orchestration of switch configurations from vendors like Cisco and Arista, public, private, and hybrid clouds like AWS and OpenStack, and traditional physical and virtual server management tools like VMWare and Microsoft also act as a unified control plane to drive change. Combined with customer self-service through single-page apps and developer access to the API, your entire environment becomes self-documenting with reliable Living Documentation that is not only always up-to-date but always complies with policy and standards. And with no effort from IT!
All of this combines to give the entire firm the knowledge and confidence critical to leveraging new security tools, new types of infrastructure such as SDN and Containers, more nimble and agile processes, and new ways of consuming IT like DevOps and customer self-service. So stop APT1 in their tracks and call us today!