Intuition: the invisible tool of digital protection – opinion

By David Raso

In a world where cybersecurity relies on advanced technology, one quiet factor is decisive but rarely discussed: human intuition. The protection of digital systems depends on tools such as SIEM (Security Information and Event Management), which collects and correlates events; IDS (intrusion detection systems); and AI-based anomaly detection, capable of alerting on behavior outside the norm. However, these solutions, powerful as they are, always start from what has already been defined as suspicious.

Intuition comes into play when nothing seems wrong, yet the analyst feels that something does not add up. Like an experienced police officer who notices someone crossing the street, doing nothing illegal, but whose posture or slight flinch raises suspicion, the digital security professional learns to recognize invisible patterns, or to notice when a pattern is too perfect.

Intuition in context: what it is and how it forms

Here, intuition is not a belief or a guess. It is a cognitive process based on tacit knowledge, which cannot always be put into words but is built through constant observation, experience with incidents and exposure to ambiguous situations.

We can compare it to someone who knows a house well and, on entering, notices that something is different. A window closed slightly askew. A light left on, or a smell that is out of the ordinary. These are not clear clues but subtle inconsistencies, and only someone familiar with the place can catch them. In cybersecurity, the same sensitivity separates seeing only the obvious from noticing the presence of a discreet intruder.

This perception can be decisive in detecting, for example, persistent access, lateral movement or quiet data exfiltration.

Persistent access occurs when an attacker manages to remain in the system for days or weeks without being identified. It is like someone who enters the building with a legitimate card and hides in a rarely used room, without raising suspicion, observing everything that happens.

Lateral movement describes the attacker's progress inside the network in search of more valuable targets. Picture an intruder who, after entering through the kitchen, moves silently through the house, opening interior doors with keys found inside until reaching the safe.

Data exfiltration, the extraction of sensitive information from the company, is often slow and imperceptible. Every day someone leaves with a sheet of paper in their pocket. Nothing in particular raises the alarm. But after a while the file is empty.

Why automated systems fail against what looks normal

Most modern detection tools are based on anomaly detection. Whether an IDS (intrusion detection system) or a machine learning solution, they look for statistical deviations: unusual traffic, sudden changes in user behavior or unexpected files in the file system. However, if the attacker adopts the organization's normal patterns, he can go entirely unrecognized.

This is where human intuition adds value. Consider an employee who logs in every day at nine in the morning, works until five in the afternoon and always uses the same device. An attacker who reproduces these times and routines looks, to an automated system, perfectly legitimate. But an analyst familiar with the real habits of that account may find it odd that the session length is always exactly the same, or that the navigation between folders follows too uniform a pattern. Like the detective who grows suspicious precisely because everything looks too clean, the analyst does not need any concrete evidence.

It is this discomfort, this small doubt, that can trigger a targeted investigation.

Training intuition: think like an adversary!

Intuition is not taught the way the operation of a tool is taught. But as long as the learning environment is designed for it, it can be trained. Cyberscepro, National Academy of Cybercensess and Technician+ are examples of organizations developing programs based on realistic, challenging and unpredictable scenarios, where trainees face situations without clear answers or obvious indicators. They learn to understand context in practice, to question what seems correct, and to identify anomalous patterns even when the data is inconclusive.

In these modules, the focus is not only on identifying or reproducing known techniques, but also on observing system behavior, correlating small signals and making decisions based on incomplete information. This approach leads trainees to think like attackers, to explore paths and to look for unexpected points of failure. More than applying commands or following checklists, critical thinking and attention are trained.

This type of training is needed if we want to prepare professionals who are truly ready to protect a company against threats that are well disguised.

Practical example: when the alert does not fire

In an exercise conducted in a simulated scenario, a corporate network was built with users, traffic, devices and apparently legitimate access. On the surface, everything worked as expected. Automated tools detected no suspicious activity. Timings were stable, credentials were valid and systems were stable.

However, one participant noticed a pattern that was too regular. A connection started at the same time every day, lasted the same length of time, and was followed by new accesses at the same moments. The behavior did not violate any policy, but it was artificially perfect.

Following this perception, he decided to investigate. He dug deeper into the logs, analyzed the device and found that the access came from an automated script using compromised credentials. The attacker was quietly mapping the company's resources from inside the network.

There were no alarms. There were no alerts. There was only intuition, built through exposure to cases like this, which raised the right doubt. And with it, the infiltration was disrupted.
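The "too perfect" signal described in the previous section and in this exercise can be turned into a check that an analyst can run over login records. The example below is added here and is not code from the article or from any of the organizations it names; it assumes a constructed CSV-style log of login/logout timestamps and flags accounts whose login time and session length barely vary, the opposite of what a deviation-based anomaly detector looks for.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# Constructed sample log, one session per line: user,login_iso,logout_iso.
# "jdoe" is a real person with natural jitter; "jdoe_scripted" reproduces the
# same nine-to-five routine to the exact second every day.
SAMPLE_LOG = """\
jdoe,2024-03-04T08:57:12,2024-03-04T17:03:41
jdoe,2024-03-05T09:02:55,2024-03-05T16:58:10
jdoe,2024-03-06T08:59:30,2024-03-06T17:10:02
jdoe,2024-03-07T09:04:18,2024-03-07T17:00:27
jdoe_scripted,2024-03-04T09:00:00,2024-03-04T17:00:00
jdoe_scripted,2024-03-05T09:00:00,2024-03-05T17:00:00
jdoe_scripted,2024-03-06T09:00:00,2024-03-06T17:00:00
jdoe_scripted,2024-03-07T09:00:00,2024-03-07T17:00:00
"""


def parse_sessions(text):
    """Return {user: [(login_seconds_of_day, duration_seconds), ...]}."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        user, login, logout = line.split(",")
        t_in, t_out = datetime.fromisoformat(login), datetime.fromisoformat(logout)
        start = t_in.hour * 3600 + t_in.minute * 60 + t_in.second
        sessions[user].append((start, (t_out - t_in).total_seconds()))
    return sessions


def too_regular(samples, min_days=3, max_jitter_sec=30):
    """True when both login time and session length vary by less than
    max_jitter_sec across at least min_days sessions. Humans jitter by
    minutes; a script replaying a routine does not."""
    if len(samples) < min_days:
        return False  # not enough history to judge regularity
    starts = [s for s, _ in samples]
    durations = [d for _, d in samples]
    return pstdev(starts) < max_jitter_sec and pstdev(durations) < max_jitter_sec


def find_artificially_perfect(text):
    """Accounts worth a closer look, sorted by name."""
    return sorted(u for u, s in parse_sessions(text).items() if too_regular(s))


if __name__ == "__main__":
    for user in find_artificially_perfect(SAMPLE_LOG):
        print(f"review: {user} behaves too regularly to be a person")
```

The thresholds are assumptions for illustration; in practice they would be tuned per organization, and a hit is a lead for investigation, not proof of compromise.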

Modern cybersecurity needs more than sophisticated tools. It requires the ability to read what is not written, to identify what is not seen, and to act before there is evidence. Intuition, when cultivated through realistic and demanding scenarios, is the last line of defense. And often the only one left when everything else looks normal.

Cybers 3 C CTO
