What do you think of when you hear the term “silent failure”?
With certainty, you won’t hear ANYTHING. There is a little pun in that question, but when you accompany the word silent with the word failure, you know it can’t be good. We use the term silent failure in cybersecurity to describe an event where the layers of defense have been breached, and nobody is any the wiser.
The nobody isn’t just information technology staff, but the entire organization. Someone or something has taken advantage of an existing vulnerability. An unknown vulnerability is one thing. However, a known vulnerability is worse. It is worse because it was previously identified and not addressed.
Imagine your house has 2 doors. One is a screen door and the other sits behind it. Each requires a different key. The screen door’s mechanical lock is broken (known existing vulnerability). There was a recall made by the manufacturer, but the lock was never repaired or replaced. Now, all that remains is for someone to pick the lock to the second door. For all intents and purposes, you were 50% less secure than you originally thought.
Someone has now gotten through 1 door that you thought was 2. They are inside your organization, and you know nothing about it. This is silent failure, and the silence is truly deafening. You are unaware not only of their presence, but also of how long they have been there, what they have been doing, and what they might have already done.
It’s not until something bad happens that you become aware, but by that point in time the damage has already been done.
Today’s cybersecurity landscape can no longer rely on passive approaches to modern threats. We need human eyes in conjunction with artificial intelligence that contribute to what we call threat intelligence.
With the right threat intelligence, we have real-time access to most, if not all, elements of the technology system and get a clearer picture of the kinds of activity that indicate something nefarious is being attempted. With that insight we can proactively respond in real time, leveraging automation.
At Auxzillium we implement the kinds of tools mentioned above to address things like silent failure and eliminate breaches. While no organization is unbreachable, the goal with cybersecurity should be to implement layers of defense that harden an organization against old, new, and evolving threats.