Did you happen to catch the Clemson vs Alabama NCAA Championship game Monday night? While the Clemson upset was thrilling to watch, I bet most fans had no idea there was another team behind the scenes, hard at work, keeping attendees and the stadium safe from cyber threats.
Yep, our diligent Respond Analyst™ was working away in a state-of-the-art Security Situation Room live during the entire game day experience. We had the privilege to partner with students from Norwich University in this onsite cyber-offensive in one of the newer football stadiums.
Cybersecurity is becoming more critical than ever before at these big events. Keeping close to 100,000 fans streaming video, playing social streams on the jumbotrons, and communication on the field has turned sporting events into a serious technical infrastructure. The potential for malicious malware attacks or other security breaches during these live events keep IT leaders on edge, the entire time they are online.
Really, every event should be monitored and analyzed for security implications during live events to help ease the risk. The problem is there are never enough people to handle it. That is until now...
For the first time in my 18-year career, I witnessed 243,000 events analyzed, 431 events diagnosed as malicious, and 13 scoped incidents escalated—without one false-positive through the entire event! The Respond Analyst’s Decision Automation technology performed without any disagreements from the onsite security team. Bottomline, the Respond Analyst learned its environment in less than a few hours!
To put that into perspective, a traditional security team would need more than 125 trained analysts to cover this volume in the same timeframe. The Respond Analyst covered all of this, freeing up the 6 onsite Norwich students to focus on threat hunting and more strategic security concerns.
This was a humbling experience for all of us at Respond Software who work so hard to deliver solid cyber incident response results for our customers. For those who know my style, I’m not one to brag or fluff the numbers just to give marketing a win, and this time, even I had to sit back and feel good about our capability and results.
One of the best parts was how fast everything was up and running. We built a server loaded with the Respond Analyst and sent it into the Norwich University students to set up. Everything was handled remotely by the Respond Software team and the Respond Analyst was operational within 6-7 hours from start to finish. Immediately after the first escalation, the students realized the event was a real threat (not junk data)—right away it generated more interest with the students and security personnel.
This is why I love helping customers. Knowing that the Norwich team could go to bed knowing that their networks were safe. They could identify and address cyber threats quickly—covering more with a smaller security team, meant they could focus on higher priority tasks. I look forward to working on more events like this in the future.
For over the past 10 years Steven has built and matured security operations, and hunt teams for companies across the globe. Steven Wimmer has provided strategic and operational consulting to over 20 companies globally, including end to end SOC builds, hunt teams, and incident response. Prior to his role as Senior Technical Account Manager at Respond Software, Steven worked on developing hunt operations and cyber intelligence services at HP Enterprise. Steven is a seasoned cybersecurity veteran with a focus on developing and improving security operations in all verticals.View all posts by Steven Wimmer