Protect The House .. from Hacktivism (Series)
avatar

Problem to Solve:  What can we do to protect our organization from Hacktivism?  How can I use my Application and Network Performance Management tools to help assist?

blue_hackerNope, not starting this article out with 80’s movie reference, music video, silly picture or bad pun.   This article is of the more serious nature.  I live in Northern Ohio and in July of 2016, Cleveland will be hosting the Republican National Convention. As those of us in the IT profession are very aware, “where there is a political event, the hacktivists will not be far behind“.  Hacktivism, (link to Wikipedia definition), is “the subversive use of computers and computer networks to promote a political agenda”.   We more commonly think of it as hacker(s) that want to make a political splash by somehow adversely affecting an organization’s business, workflow, process or charter.   Examples include defacing a web site, distributed denial of service (DDOS) attacks, Malware infection, DNS poisoning, stealing company information and publicly posting elsewhere, etc.  We also tend to think of this type of thing as being a tremendous “pain in the backside” (staying Politically Correct here), from an IT point of view.   It is a very daunting task to be responsible for protecting your organization from an unknown politically motivated hacking event to say the least.   My hat goes off to those of you directly responsible for your company’s cyber security programs and protection.

With respect to dealing with Hacktivism directly in our own back yard ….. Welcome Ohio, now it is our turn at the plate.

My Experience

I got my first experience in this realm in 2012 as Chicago was getting ready to host two “back to back” political events, the G8 Summit and the NATO Summit. What we learned was that the government “three-letter acronym” agencies were very proactive in alerting customers of the potential threats that coincide with the events.   As you can imagine, organizations in the Chicago area that had anything to do with banking, city and county government, electronic trading, public utilities, public transportation, insurance, health care, etc., were all on high alert.  With the known potential threats well in advance of the event, we had customers asking for our help. Their request was to bring “any and all” functionality that could be used for cyber security related use cases.   I had to admit, this was a bit of a different challenge as the majority of my experience was really in the area of network and application performance management, not cyber security.

Epiphany of the “Cyber Complimentary” Approach

But the more that we brainstormed and thought through the customer’s actual problem and request, the more use cases, workflows, and cyber related functionality we discovered.  The epiphany was that we could use traditional Network Performance Management (NPM) and Application Performance Management (APM) solutions to be “Cyber Complimentary“.  As the customer had several specific cyber security tool-sets already at their disposal, there really was no reason to try to rework or replace these solutions.   These cyber security tool-sets served specific requirements in the areas of Intrusion Detection Systems (IDS), Firewall, Intrusion Prevention Systems (IPS), some Denial of Service, Malware, and Anomaly detection as you would imagine.  What we found were workflows and use cases that could be addressed with NPM APM tools that filled in gaps, tied information or environments together, or enhanced the security tools in some ways.

This is the introduction to the series to address Hacktivism. My goal with this series is to address various topics that will help you build a “best practices defense strategy” by including your NPM APM solutions, all from a Hacktivism perspective.  These articles will be released over the next few weeks.

The Hacktivism Series Line Up

Article Link to Article
 

 

Protecting the Foundation – Critical Services

network no workiehttps://problemsolverblog.czekaj.org/troubleshooting/protect-foundation-critical-services-hacktivism-part-1/
 

Protect the Highway – Critical Links and Infrastructure

traffic network jamhttps://problemsolverblog.czekaj.org/troubleshooting/protect-highway-critical-links-hacktivism-part-2/

Protecting the Critical Application Services

Blog 3 Targethttps://problemsolverblog.czekaj.org/troubleshooting/applicationhacktivism_3/
 

Protect Critical Unified Communications Service

UC_whackamolehttps://problemsolverblog.czekaj.org/troubleshooting/protect-critical-unified-communications-hacktivism-part-4/

Protecting the Virtualized Server Infrastructure

Homer Virtualization_2https://problemsolverblog.czekaj.org/troubleshooting/hacktivism-protect-virtualized-servers/ 

Protecting the Remote Workers and VPN Connections

Remote Remote https://problemsolverblog.czekaj.org/troubleshooting/remote-remote-work-home-go-hacktivism-6/
Looking for the Unknown with Anomaly Detection  anomaly fish going wrong way

https://problemsolverblog.czekaj.org/troubleshooting/looking-unknown-anomaly-hacktivism-7/

 

SIEM Bat Time .. SIEM Bat Channel .. SIEM

https://problemsolverblog.czekaj.org/cloud-virtualization/siem-bat-time-siem-bat-channel/

 

Here we go....

For Ohio based customers, please feel free to register and attend our *FREE* seminar on May 19, 2016 10 am at the Global Center for Health Innovation in downtown Cleveland.

CyberSecurity HACKTIVISM Summit (In Prep for 2016 Republican National Convention)
Thursday, May 19th 2016 10:00 AM – 4:00 PM

https://www.regonline.com/May19Cleveland