March 8, 2017 By Security Intelligence Staff 3 min read

Growing up in a small town, there wasn’t much to do. One magical day, I watched as a truck pulled up to the one restaurant in town and delivered a large crate onto the loading dock. Intrigued, I rode my bike over as the employees popped the top off a crate and revealed what was inside: a new arcade game called Missile Command.

Fast forward to several months later. By this point, I’d probably dropped enough of my parents’ hard-earned salaries into that machine to pay for a midsized car. I put everything I had into that game. Invisible bad guys would fire their missiles from above to destroy my cities at the bottom. The only thing standing between the two was me, my trusty track ball and a yellow button.

Sadly, every game eventually ended in defeat. I’d start off well, then the pace would pick up and the bad guys would change tactics to distract me. I would do my best to adjust to the information overload. Toward the end, I was just mashing the button as fast as I could and moving the track ball left to right and back again as fast as my fingers and wrist would go. If I did well, my high score would go up by some minor increment, I’d get to add my initials to the leaderboard and then I’d drop another quarter into the slot and start all over again.

Game Over for Information Overload

What in the world does this have to do with cybersecurity? Quite a bit if you think about it. In the beginning, every security practitioner gets excited when that new delivery arrives, be it a firewall, intrusion detection or prevention system, unified threat management (UTM) or security information and event management (SIEM). Then, the security resource plugs it in and the activity begins.

The pace of activity is slow at first — everyone high-fives each other because things are going well and security is happening. Then the pace picks up. The alerts start coming in fast and furious. The noise in the system gets louder and louder. Security team members scramble to evaluate each alert, only to find that many were merely distractions.

The missiles keep on coming, faster and faster and faster. Eventually, the security team is overwhelmed and must switch to what is best described as a purely reactionary mode. The track ball goes back and forth, and the button gets hit over and over again.

Real-Life Security Is Not a Game

Here’s where the game and the security team tales diverge. When the game ends, you might get a high score and drop in another coin to start over. For the security team, there are no do-overs. The attacks continue and the information overload persists. The pace accelerates. The losses and impacts are real.

Security teams do the best that they can, all the while knowing that something is going to get through eventually. Adding more security technologies to protect the environment might seem like a fix, but every time a new piece of technology gets plugged in, the noise increases. But if you don’t plug in that new device, you’re not even giving yourself a chance to shoot the missiles out of the sky.

This is where IBM Security can help. Our team of security experts can help you evaluate your defenses today and use that information to deliver a plan to optimize your defenses tomorrow. Managed Security Services provide the experts and technology necessary to protect you from the onslaught. Working together, we will fight smarter to cut through the noise to focus on what really matters: keeping your environment safe.
