Reading through the latest edition of Dilbert’s adventures in office politics, I find myself wondering whether Scott Adams, the comic strip’s creator, ever worked in IT. He seems to have a keen understanding of how IT issues manifest themselves in the workplace.

In a comic strip I read recently, Dilbert’s Pointy-Haired Boss finds a thumb drive on the sidewalk and, instead of simply discarding it, he goes back to his office computer and inserts the drive to see if he can use it. He may have found a new thumb drive, but he has also unwittingly released an Elbonian computer virus onto his organization’s network.

The cartoon made me chuckle, but IT professionals recognize that there’s more than a grain of truth beneath the surface of Adams’ humor. Two elements of the comic strip strike me as especially relevant to the modern IT environment: the thumb drive and the Elbonian hackers.

A “misplaced” thumb drive is a useful tool in the hands of an attacker seeking to bypass an organization’s perimeter defenses. I work with white hat security testers who use this trick successfully in many of their engagements. They will simply place a handful of inexpensive, large-capacity drives around the workplace; inevitably, someone will place a drive in their work computer. Whether they’re doing so to rummage around for interesting contents or, like Dilbert’s boss, simply to get a free thumb drive, the result is the same. Unbeknownst to the user, the thumb drive installs malware on the system that begins crawling the internal network.

The Elbonian hackers also have real-world parallels. We’ve seen the sophistication of attacks grow over time, but most hackers aren’t actually that sophisticated. They simply repurpose tools built by others to attack their targets. In fact, hacker tools often generate profits for their developers, and some even have full-fledged customer support efforts.

Defending Dilbert’s Network

Dilbert and his team find themselves facing the unenviable task of defending their network against an unwitting attack from within. One of the best ways they can do this is to take advantage of cloud-based security tools.

These tools are especially important in an environment where attacks become more dangerous by the day. You can no longer rely on single-purpose tools with outdated mechanisms of action. You also need to remember that your users are not just on your network. They access your resources from all over the world.

Cloud-based security tools leverage the global landscape for better visibility into attacks that are occurring. With a larger database of threats available, the intelligence of these tools is much stronger.

Cisco Systems’ Umbrella platform is one tool that can help Dilbert’s team — and other organizations. In many attacks, the hacker’s intent is to establish communication back to a command-and-control infrastructure. To do this while evading detection, they must continually move from IP address to IP address using Domain Name System (DNS) requests. If you can break the command-and-control chain, you will have time to react and protect your assets from being stolen.

Cisco Umbrella serves as a trapdoor to the external infrastructure. By continuously monitoring the internet for suspicious activities (such as geodiversity and distance, spoofed domain names or bogus registrations), Umbrella can identify potentially malicious targets and then redirect DNS requests for those targets before the command-and-control link is established. Working at the DNS level allows Umbrella to operate successfully even when command-and-control traffic hides within other protocols or when users open an infected computer outside the office on an external network, such as at a coffee shop.

In addition, the cloud intelligence of Umbrella, run by Cisco’s Talos group, can leverage more than 80 billion daily DNS requests to quickly provide you with a statistically relevant view of the ever-changing threat landscape.

Even with powerful tools like this, changing user behavior can greatly improve security. So, the next time your users see a lost thumb drive, make sure they know to throw it in the trash.

Learn more about how CDW can help your organization deploy Cisco solutions to improve security.
