As many people are aware, the final trilogy of Star Wars is going to be made and I am excited/intrigued about what the plot is going to be. However, one question I always ask is “How different would the story have been if the Deathstar were more secure?”

Along with most Star Wars fans, the moment when the rebel alliance flew in on mass to destroy the Deathstar was one of great intrigue. With a power so great and protection around the entire perimeter of the battlestation, how could it ever be penetrated?

Of course the hero, Luke Skywalker, saves the day by finding a small gap and, undetected, flies through to the center of the Deathstar, destroying it and escaping without a single scratch.

When comparing this scenario to what we see everyday in the news regarding cyber attacks, it is very similar- right down to the part where organizations react to the breach far too late. It is of utmost importance for organizations to make sure they are able to see and react instantly when a security breach is happening, no matter how small. As we see with the case of the Deathstar, it only takes one opening for an attacker to slip in and cause a tremendous amount of damage.

Having a thorough Security Intelligence strategy in place, with a next generation SIEM as the center piece, is vital for an organization. With the advantage of real-time normalization and correlation across your network, any abnormal behavior will be highlighted and notified immediately to your security team, detailing where, when, how, what and why about the attack.

It is just my opinion, but if the Deathstar had an anomaly detection system to highlight immediately when enemies were within its network, Darth Vader would have had a much easier life…. “May the Force be with you”.



more from Intelligence & Analytics

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]