Published on in Cyber Security

Guest author: Air Commodore Gordon Moulds CBE, Strategic Advisor, LogRhythm EMEA

In 2010, I commanded Kandahar Airfield (KAF) during what proved to be the most kinetic period in Afghanistan to date.


During my time, we successfully defeated a major coordinated, internal suicide attack on base – solely by making use of critical intelligence, having deep visibility across all KAF assets and spotting unusual behaviour at the earliest possible stage.

From this, the lessons for the IT security community become clear.

Going back to KAF, my job was to manage the expansion of the base and maintain safe and efficient operations, both in the air and on the ground, which was a challenging role considering there were 29,700 personnel from 46 nations.

When handling such vast and diverse groups of people, communication is paramount. However, what was surprising was just how little coordination and conversation there was between the different national agencies on site (and even with one nation).

Each agency had valuable intelligence, yet they continued to work independently, and as a result, little was shared across the base – thus potentially jeopardising our entire security position.

By taking steps to gain greater visibility into this breadth of information, we were able to essentially ‘put the jigsaw together’, see exactly where the vulnerabilities were and actually thwart an upcoming planned attack.

There is an undeniable link between this experience and the complex cyber security challenges faced by today’s organisations. Through my ongoing work with LogRhythm, I have realised the urgent need to apply the same method of intelligence correlation, analysis and response when dealing with increasingly sophisticated cyber criminals.

It’s been said time and time again that cyber space is the next frontier for attack or espionage, on both corporate and national levels. Even the language used – ‘cyber war’, ‘security battle’, ‘laptop army’ – reflects the extreme connotation with military tactics.

However, whilst correct, the battle is already in full swing resulting literally £B of lost intellectual property and hard cash! My reliance on intelligence and visibility to defend against a physical attack at KAF is just as relevant when considering the evolving threat landscape that is putting organisations, individuals and nations at the mercy of ever determined hackers, armed with next-generation malware and new methods of attack.

In short, organisations are facing a battle against the unknown, and if they are to adequately protect their networks, they must be constantly aware of all activity and be prepared for absolutely anything. Essentially, through the integration and initiation of available information, actionable intelligence can be gained to help prevent security breaches.

For me, this came in the form of physical information, logged history of events, location data and previous experiences, while for organisations this might very well stem from the hoard of unstructured log data, for instance, that is generated on a daily basis. In any case, it remains that information cannot be considered ‘intelligence’ until it is integrated.

Unfortunately, despite clear evidence to the contrary too many organisations have failed to move with the times and are still over-reliant on point security tools, which have proven wholly inadequate at protecting businesses from today’s advanced threats.

Furthermore, as within the military, technical advances mean that information can simultaneously come from multiple sources in multiple locations – and without the ability to integrate and decipher this vast amount of data, it becomes impossible to identify patterns and flag questionable network activity with enough time to deny a potential attack.

Considering the nature of the threat, all organisations should at the very least have the ability to combine resources and knowledge in real-time, enabling them to identify and remediate any issues as soon as they occur.

Forewarned, as they say, is forearmed, and failure to understand the information held within corporate networks can leave gaping security holes – and an open door for hackers, competitors et al.

All views expressed are the author’s own.


Air Commodore Gordon Moulds CBE, Strategic Advisor, LogRhythm EMEA

For more on Secure Thinking, visit

Image credit: D Sharon Pruitt

(Visited 419 times, 1 visits today)

Leave a Reply

Your email address will not be published.