This is why Ericsson-s recent announcement that they will integrate KSI into their portfolio is so critical for global cybersecurity teams who are tasked with defending their organization's most valuable asset: data.
Native forensics i.e. KSI integrated into the fabric of cloud and physical infrastructure gives mathematical certainty about what happened when without any reliance on human administrators or credentials that can easily be compromised. Quoting Jason Hoffman: “How do you make sure nobody has messed with things and don’t have the ability to cover their tracks. Devices may be able to be hacked, but we would know it and awareness is the first step.”
Back to the article. The second statement there is even more interesting:
“The intruders used multiple zero-day strategies -- so named because they let hackers take control of target computers by previously unknown methods, giving programmers zero time to develop a patch -- and placed layers of custom malware into the network, according to the people familiar with the probe.”
It is time that we started realizing that malware is an integrity problem – it compromises the integrity of the system – and only with the instrumentation that KSI provides can security professionals know malware has entered the system. There will always be vulnerabilities and a sophisticated adversary will always shape their attack techniques to identify and take advantage of the latest vulnerabilities in applications, interfaces, implementations, and security measures associated with antivirus, firewalls, Intrusion Detection systems, and access / authorization credentials.
Adversaries also undertake intricate measures to cover their tracks to stay hidden from reporting and auditing systems, systems administrators, and security applications. An experienced attacker can sometimes be present in the affected enterprise for weeks or months after gaining entry before detection.
Anti-virus, sandboxing and multi-vector virtual execution are important tools in the arsenal – but they are like searching for needles in a haystack, they can’t provide the visibility into the system as a whole. KSI gives you the opposite, real-time situational awareness of every stalk of hay and a scalpel to cut through the network, isolate and mitigate the compromise - in real-time.
Security is the trillion dollar problem for global society and modern security address the symptoms not the root cause. KSI, delivered as a service to world governments and corporations via their telecommunication partners makes it possible to meet all the security, audit and compliance requirements that are so desperately needed.
We couldn't think of a better partner than Ericsson to execute on that vision.