Security starts here.
Let us help you take a strategic approach to data protection and the security of your network and mobile devices.
By Dave Grady
Chief Cybersecurity Evangelist, Verizon Business Group
Prolonged website outages and massive data breaches get all the headlines, serving as painful reminders to consumers and business and government leaders alike about the importance of data confidentiality and the availability of key IT systems. But what about the integrity of data and the integrity of the systems housing that data?
One of the very first concepts that entry-level security analysts are taught is CIA—confidentiality, integrity and availability. Everyone knows that an organization’s reputation can be thoroughly destroyed when the confidentiality of its customers’ data is compromised. And it’s common knowledge that millions of dollars in revenue can be lost when a critical website is unavailable for a few hours.
But integrity?
Despite rarely capturing headlines, integrity is a critical component of any security program, especially in highly regulated environments.
Having confidence in the integrity of your data—that is, knowing that it has not been altered in some unauthorized way—is an absolute necessity in the digital world. From billing and accounting systems to trading platforms, data integrity (or the lack thereof) can make or break an organization overnight. And having confidence that the machines that power and protect your organization are actually configured the way you think they are is another absolute necessity. Unauthorized and undetected changes to settings in any number of systems can lead to data theft, fraud and unsanctioned wire transfers— and to greater exposure to email-based malware, viruses and phishing campaigns.
As it does in real life, integrity in the digital realm matters greatly.
A formidable challenge—and a new approach
Assuring the integrity of systems and data, however, poses a formidable challenge for many organizations. The sheer volume of structured and unstructured data and the overwhelming number of databases, physical and virtual IT systems, and devices that require precise configuration can quickly swamp a security team. Many organizations face cyber-staffing shortages and other resource constraints and are already struggling to keep up with burning issues related to the confidentiality and availability of data.
Assuring integrity, which has been traditionally seen as a manually intensive and mind-numbing task, often gets placed on the back burner.
Now, a solution inspired by blockchain technology called Machine State Integrity is emerging as the solution to this vexing security operations challenge.
Blockchain has quickly evolved from a promising buzzword to a proven technology with meaningful use cases in a variety of industries, especially financial services, legal, manufacturing and transportation. Leveraging some (but not all) of the key concepts of blockchain, Machine State Integrity marks a new approach in cybersecurity. It aims to capture concise “state” information and continuously monitor every machine in an organization’s environment to accurately identify, analyze and flag changes to those systems. Think of it like taking a picture and always having it on hand to compare it to the next picture you take of the same thing, so you can be sure they match. A cryptographic seal is added to each event snapshot, making it possible to verify exactly when and at what stage in a process an anomaly occurred, and what steps need to be taken to mitigate impact.
When a cybercriminal breaches security, they can change systems settings, configurations and even entire network architectures in a matter of seconds. For organizations required to comply with contractual service level agreements, these unauthorized changes—even if they’re small—can go undetected for too long, and that can result in significant business disruption and lead to legal exposure.
Machine State Integrity enables continuous monitoring for changes and provides real-time reporting and alerts to help IT and security teams efficiently correlate their findings against the baseline—that picture taken earlier—in just seconds. This means faster remediation of integrity issues.
Consumed as a managed service, Machine State Integrity can free scarce security resources to focus on other pressing concerns—like the confidentiality and availability of data and systems.
Learn more:
To learn how Verizon partners with enterprises to help protect against today’s cyber threats and prepare for what’s next, explore Verizon’s security products.
Or, request a consultation: 877.297.7816.