John Donovan | Lucidum

John Donovan

Head of Security, Malwarebytes


So you have your knowns, your unknowns, and you have your unknown unknowns. So this whole conversation around visibility is really important because part of your responsibility is to tell the company and the exec staff, and give them your assessment of the risk currently in the environment.

And you might be walking into a situation where someone has that program in place already. You might be walking into one where there is not. You can’t really get a good idea of what your attack surface is. What is the area that you need to defend? Unless you have a strong understanding of what all those assets are, you can’t know about the critical things that you need to protect.

In this case, it turned out to be, there was a well-meaning person in the QA team who had data they needed to move along. So they plugged in a personal NAS device, you know, a little network-attached storage device that was full of all the files that they needed to transfer to somewhere else.

And absolutely, that wasn’t going to be in the asset inventory, that was a personal device. It was also a device that happened to have some vulnerabilities.

Without having some of the logging in place, we wouldn’t have caught that. That’s where Lucidum helps us excel.

Now, the flip side of that story is we just happened to catch that because of someone who’s going through some searches, and because it happened to be a vulnerable system.

What happens in this scenario where you’ve got 10 more of those across five of your offices? That’s where I really think that looking at getting the right level of visibility is critical to being able to track down those types of issues.