Big D: The importance of middle linebackers in cybersecurity

Aug 29, 2017 | 2 mins
Cloud Security | Data and Information Security | Network Security

Offense informs defense.

Cyberspace is a hostile landscape. Cybercriminals have become increasingly punitive this year.

Aside from the reemergence of worms we are observing some notable trends:

  • Watering hole attacks that employ destructive payloads
  • Mobile attacks that leverage proximity settings
  • BEC utilized for second-stage attacks
  • Wipers deployed to counter incident response

Today’s adversary is intent on waging a cyber insurgency within your network.

The more prominent your corporate or personal brand the more likely you will be targeted by the elite cybercriminal and spy. In order to protect one’s brand, corporate cyber defense must be modernized.

In 2017, we must appreciate that traditional endpoint security is dead. I left a traditional cybersecurity vendor 20 months ago realizing that 5% of cyberattacks would bypass endpoint security.

The failure of traditional endpoint security is due to the widespread adoption of the Kill Chain. The Kill Chain starts with Reconnaissance: the act of finding a weakness in the target that the attacker knows how to exploit for their gain. Every corporation has weaknesses, and every cybercriminal has access capabilities (attack platforms and exploit code). The overlap between the two is what we should be concerned about.

Attackers gain their economies of scale by using the same access capabilities over and over again, both within a specific target and across targets. This modus operandi is effective because (1) victim orgs rarely know what weakness was exploited that led to the alert several stages later in the attack (i.e., the root cause), and (2) those victim orgs that *do* know the root cause very rarely share it, or the mitigation they took to address it.

EDR helps address both problems. The impact of this change in security posture is that an attacker can no longer use an access capability more than once. How might we take a page from a defensive coordinator? Much like an all-pro middle linebacker, EDR can defend against and respond to a super-charged offense.
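The two problems above, in code: an added example (not from the post, and not any EDR vendor's logic) that walks constructed EDR-style process telemetry from the alert back to its root cause, extracts the access capability as a parent-to-child spawn pair, and then matches that recorded pair against telemetry from a second host so the same capability is caught on its first reuse. The event layout, the document-handler and script-host lists, and all sample events are assumptions constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record as an EDR sensor might report it (constructed shape)."""
    host: str
    pid: int
    ppid: int
    image: str
    cmdline: str


# A document handler spawning a script host is the spawn pattern this example
# treats as the reusable "access capability". Both sets are assumptions chosen
# for the example, not an EDR product's ruleset.
DOCUMENT_APPS = {"excel.exe", "winword.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}

# Constructed telemetry for host ws-01. The only alert fires on pid 400,
# three process generations after the initial access.
WS01 = [
    ProcEvent("ws-01", 100, 1, "explorer.exe", "explorer.exe"),
    ProcEvent("ws-01", 200, 100, "excel.exe", "excel.exe invoice.xlsm"),
    ProcEvent("ws-01", 300, 200, "wscript.exe", "wscript.exe //e:vbscript tmp.txt"),
    ProcEvent("ws-01", 400, 300, "powershell.exe", "powershell.exe -file stage2.ps1"),
]

# Constructed telemetry for a second host where the same lure is reused but
# no alert has fired yet.
WS02 = [
    ProcEvent("ws-02", 500, 1, "explorer.exe", "explorer.exe"),
    ProcEvent("ws-02", 510, 500, "winword.exe", "winword.exe notes.docx"),
    ProcEvent("ws-02", 520, 500, "excel.exe", "excel.exe invoice.xlsm"),
    ProcEvent("ws-02", 530, 520, "wscript.exe", "wscript.exe //e:vbscript tmp.txt"),
]


def root_cause_chain(events, alert_pid):
    """Walk parent links from the alerted process up to the root, oldest first."""
    by_pid = {e.pid: e for e in events}
    chain, seen, pid = [], set(), alert_pid
    while pid in by_pid and pid not in seen:  # guard against cycles in bad data
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    chain.reverse()
    return chain


def access_capability(chain):
    """Earliest (parent image, child image) step where a document handler spawned
    a script host, or None if the chain contains no such step."""
    for parent, child in zip(chain, chain[1:]):
        if parent.image in DOCUMENT_APPS and child.image in SCRIPT_HOSTS:
            return (parent.image, child.image)
    return None


def repeat_uses(events, known_capabilities):
    """Events whose parent->child pair matches a capability already recorded from
    a previous incident; these are caught without waiting for a later-stage alert."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is not None and (parent.image, e.image) in known_capabilities:
            hits.append(e)
    return hits


if __name__ == "__main__":
    chain = root_cause_chain(WS01, 400)
    print(" -> ".join(e.image for e in chain))
    cap = access_capability(chain)
    print("access capability:", cap)
    shared = {cap}  # what the victim org records and shares with its peers
    for hit in repeat_uses(WS02, shared):
        print(f"repeat use on {hit.host}: pid {hit.pid} ({hit.cmdline})")
```

The point of `repeat_uses` is the second half of the post's argument: once the root-cause pair is recorded (and, ideally, shared), the second host trips on the first spawn of the same capability rather than on the final stage of the attack.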

The middle linebacker is the strongest linebacker, playing a hybrid position that can act as a lineman to disguise where a rush is coming from. Like Dont’a Hightower and Von Miller, an effective EDR allows your endpoints to defend against and respond to an attack.

Gartner has noted that the EDR market is booming, but there are only a few best-of-breed linebackers. Choose yours wisely, as defense wins championships.


Tom Kellermann is a cyber-intelligence expert, author, professor and leader in the field of cybersecurity. Tom is the co-founder of Strategic Cyber Ventures and serves as a Global Fellow for the Wilson Center.

Having held a seat on the Commission on Cyber Security for the 44th President of the United States and serving as an advisor to the International Cyber Security Protection Alliance (ICSPA), he has worked in the highest levels of cybersecurity. He has applied his expertise in the corporate world, as Chief Cybersecurity Officer for Trend Micro Inc. where Tom was responsible for analysis of emerging cybersecurity threats and relevant defensive technologies.

Prior to Trend Micro, Tom served as the Vice President of Security for Core Security. Tom began his career as Senior Data Risk Management Specialist for the World Bank Treasury Security Team, where he was responsible for cyber-intelligence and security policy as he advised central banks around the world about their cyber-risk posture.

In addition to his professional work, Tom believes in sharing his knowledge to benefit others in order to combat cybercrime. Tom was a Professor at American University’s School of International Service and the Kogod School of Business, and he co-authored the book “E-safety and Soundness: Securing Finance in a New Age.” He regularly presents at global cybersecurity conferences and is a contributor on cyber analysis for major networks. Tom is a Certified Information Security Manager and is a Certified Ethical Hacker.

The opinions expressed in this blog are those of Tom Kellermann and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.