And learn lessons from people like Kevin who have lived through this. Because if you have not seen the types of attack that Kevin has experienced, you're in deep, deep trouble, because you are experiencing them.
SHIMEL: Adam, your advice?
O'DONNELL: Easy. You can't go and address the threats you are facing nowadays by buying a black box from a security vendor and having them say, "Trust me, we got this." You need technologies that give you visibility into the attacks you're seeing right now, as well as visibility into seemingly innocuous behavior. You need to be on both the host and the network, and you need to be able to tie those two data points together. You also need to have a plan in place that lets you control and address some new attack once it comes in. Because as Kevin said, when D-Day comes and you don't have these tools in place, you're not going to be able to respond.
SHIMEL: Fantastic. And last but not least, Kevin?
KERR: You can't just do one thing. Technology helps, but understanding risk and threats is a big piece because you can't go and buy the latest two zillion dollar tool. You're working in a very hostile environment, and you've got to figure out how to detect [the bad guys], contain them and then stop them from getting stuff out. And be willing to reach out for help when the stuff hits the fan. That was one thing we weren't afraid of and I thank management for backing us on this from a security perspective. We reached out to other national labs, we reached out to industry, and within 24 hours we had 30 people on-site from various entities helping us to figure out what was going on.