It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.

Liz Maida, Co-founder, CEO & CTO, Uplevel Security

September 18, 2017

3 Min Read

"The past is never where you think you left it."Katherine Anne Porter

Cybersecurity is a fast-paced industry, one that combats an ever-changing threat landscape. It's a semi-organized chaos of point solutions, patches, and processes designed to keep companies protected from the cyber attack(s) of the day. In the limited time not spent on addressing current threats, most practitioners are focused on what might come next. But little emphasis is put on how past incidents affect current and future threats.

Some of you reading that last sentence might think, "I can barely keep up with current threats; why should I care about past incidents?" I understand how this might sound counterproductive on the surface. However, the past can provide much-needed context for understanding future threats. Here's why the past matters in cybersecurity:

  • Find commonality: Past events could be connected to current events — not in the sense that the same threat is re-emerging, but that a previous threat could have shared attributes with a current threat, or that threats could be connected after applying machine learning or prediction algorithms. For example, security information and event management alerts might uncover a phishing email that an analyst then investigates and resolves. As part of that investigation, the analyst has probably identified a malicious IP address. Even though this incident is resolved, the IP address may resurface as the initiator of a future attack. If this information is not widely accessible, the next analyst may overlook the fact that there is a connection between attacks.

  • Adapt to evolution: If a past threat evolves into a new one, it's important to understand the original intent and basis for the attack. Rather than responding with an entirely new tactic, you may only need to tweak a past response to adapt to the new threat. Ransomware is a perfect example of an evolving threat that remains similar at its core, with tweaks to its deployment. Information learned in the past is a valuable part of adapting future responses.

  • Apply unique insight: After an incident is resolved, security teams file away unique insights learned from that event. However, when a similar event arises again, those insights remain filed away, instead of being used to address a new threat. This can result in duplicate work on the next problem, because the analyst might not be privy to the past insights found by a colleague.

  • Identify patterns: Recognizing patterns not only addresses current events but also helps predict and eliminate future threats. For example, individual events can be deemed harmless, but in the context of a series of events, a benign event could be part of a larger, more serious incident. Once a pattern emerges, it's then easier to predict what might happen next, raise the priority level of a current threat, and influence how the threat is resolved. For example, the past helps to uncover targeted attacks as criminals and nation-states try to infiltrate a network, attempting over and over again to achieve success. They often will change their methodologies but frequently there will be some pattern that emerges only if the past can be compared with the present and future.

The past should be neither ignored nor forgotten, especially in cybersecurity. However, security teams can easily overlook the past if it is not prioritized because of the rapid nature of the job. To stay one step ahead of hackers, find ways to use the past to better inform the present and secure a better future.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

About the Author(s)

Liz Maida

Co-founder, CEO & CTO, Uplevel Security

Liz Maida is instrumental in building and leading the company and its technology, which is founded on core elements of her graduate school research examining the application of graph theory to network interconnection. She was formerly a senior director at Akamai Technologies, and served in multiple executive roles focused on technology strategy and new product development. She played a lead role in Akamai's initial efforts in DDoS mitigation, fraud detection, and mobile authentication, as well as security products including Akamai's cloud-based web application firewall and an analytical engine that leveraged Akamai's visibility into almost 30% of Internet traffic to assess the security risk of end user requests. Liz holds a Bachelor of Science in Engineering from Princeton University and dual Masters degrees in Computer Science and Engineering Systems from the Massachusetts Institute of Technology.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights