Doors and corners in cybersecurity: Protecting against known and unknown threats
Huge sci-fi fan here! Maybe when you see or hear the term “known and unknown threats,” you too hear “doors and corners.” Detective Miller from “The Expanse” by James S.A. Corey tells Captain James Holden, “I keep warning you. Doors and corners, kid. That’s where they get you.” Miller keeps muttering “doors and corners,” and, as a seasoned detective, he’s frustrated that humans can’t seem to get the obvious. (If you don’t know the story, Miller appears as a protomolecule-tinged phantom at this point in the book, so his sage advice is a bit lost on the rattled Holden.)
The phrase “doors and corners” is often used in the context of combat and tactics, where attackers tend to have the upper hand in confined spaces. Similarly, in cybersecurity, the concept of “known and unknown threats” can be compared to these spaces. Known threats, like attackers using known tactics, are often detected and can be countered with existing security measures. However, unknown threats, much like attackers in unfamiliar spaces, are harder to detect and counter, and require a different approach.
Cybersecurity professionals must be vigilant and constantly searching for potential blind spots or vulnerabilities, similar to how combatants need to be aware of potential ambush points in a confined space. By understanding the nature of both known and unknown threats, we can better prepare ourselves to defend against these threats in an ever-evolving digital landscape.
There are many tools that can detect known threats in your cloud environment. That’s watching your doors and corners! But you’ve got to protect your cloud environment from potential unknown threats as well.
The combined power of Amazon GuardDuty and the Lacework Polygraph® Data Platform provides you the insight needed to help protect against both the knowns and unknowns. Amazon GuardDuty enables threat detection on AWS native services, and the Lacework Polygraph Data Platform extends this by providing rich, workload-level data for process and container threat detection, compliance assessments, and user behavior auditability, all in one place.
How? When using Amazon GuardDuty and Lacework, all alerts can be consolidated within AWS Security Hub. With the ability to view all of your AWS security events in one place, whether from AWS native services and/or the Lacework Polygraph Data Platform, you get the best of your response and remediation workflows.
Our customers appreciate that they can utilize the two solutions together, and here’s a real cyber tale. HealthTech company, RapidSOS, had this to say:
“The combination of Lacework and AWS — including services like Amazon GuardDuty and AWS CloudTrail — helps us monitor and attribute behavior end-to-end, from initial activity to ensuring the appropriate changes get made. We can monitor suspicious behavior or anomalies, then link the behavior to the change that was made. It’s about insight, for sure, but more importantly, efficiency, as the tools talk to each other.”
Security is complicated, and it takes a tight team to effectively prevent and protect against potential threats. AWS and Lacework are committed to building solutions for our mutual customers that simplify the problems they face in security so they get immediate value and keep the bad guys at bay. With AWS re:Inforce right around the corner, we invite you to to learn more as you never know what’s next to discover.