The Hexadite Blog
By Nathan Burke

4 Things We Can Learn About Cyber Security from Aaron Lufkin Dennison, 1850s Watchmaker

"Dennison, Aaron Lufkin, Portrait" by Henry Abbott - A Pioneer, a History of the American Waltham Watch Company. Licensed under Public Domain via CommonsIn an episode of the PBS series “How We Got to Now” (and the book of the same name) author and historian of innovation Steven Johnson connects the dots between Galileo and how our measurement of time enables things like GPS. In doing so, he profiles Aaron Lufkin Dennison, watchmaking innovator, and someone we can learn from when it comes to cybersecurity.

Until the 1850s, measuring time was both an imperfect science and inaccessible to anyone other than the very rich. Because pocket watches were handcrafted individually by highly skilled artisans, the average cost of a pocket watch in 1850 was $40. To give that some context, the average American wage during that time was around $215 per year.

Dennison changed that by applying automated processes to what was then manual work. Working in his father’s cobbler shop, he suggested the making of shoes in batches rather than one by one. From “How We Got to Now”:

That power to measure time was not distributed evenly through society: pocket watches remained luxury items until the middle of the nineteenth century, when a Massachusetts cobbler’s son named Aaron Dennison borrowed the new process of manufacturing armaments using standardized, interchangeable parts and applied the same techniques to watchmaking.

At the time, the production of advanced watches involved more than a hundred distinct jobs: one person would make individual flea-sized screws, by turning a piece of steel on a thread; another would inscribe watch cases; and so on. Dennison had a vision of machines mass-producing identical tiny screws that could then be put into any watch of the same model, and machines that would engrave cases at precision speed. His vision took him through a bankruptcy or two, and earned him the nickname “the Lunatic of Boston” in the local press. But eventually, in the early 1860s, he hit on the idea of making a cheaper watch, without the conventional jeweled ornamentation that traditionally adorned pocket watches. It would be the first watch targeted at the mass market, not just the well-to-do.

Bringing an Automated Approach to Cyber Security

As was the case in Dennison’s day, today’s approach to detecting and responding to cyber incidents remains highly manual and labor intensive. The process of receiving an alert, deciding whether it is benign or malicious, and determining and executing the right course of action is performed by highly skilled cyber analysts. The problem is that the sheer volume of alerts overwhelms today’s IR teams. The manual approach no longer works. The numbers don’t add up.

Instead, we can learn from Dennison and apply the following four lessons to transform incident response.

1. Never Accept the Status Quo – From suggesting that his father create batches of shoe soles to borrowing military manufacturing processes for watchmaking, Dennison never accepted constraints as “this is the way things are done”. Instead, we should objectively analyze the challenges faced by today’s CIRTs, and enact strategies that go beyond adding headcount. (For a good example, see “Using people to fight cyber attacks is like bringing a knife to a gunfight” from Network World.)



2. Apply Technology that Revolutionizes Productivity – By transforming the process by which watches were made, Dennison was able to increase output exponentially. In an environment where IR teams are not judged by unit output but by time to respond and remediate, employing automation that can cut remediation time from days to minutes (even seconds) satisfies two goals: It enables teams to focus on the threats best handled by highly skilled cyber analysts while having the additional benefit of automatically investigating every alert, however benign.


3. Always Strive for Repeatability – The holy grail of mass production is repeatability without variation. When you’re able to repeat a process on a massive scale, you’re then able to have a predictable level of output. In IR, being able to apply automation to investigate common, predictable alerts around things like commodity malware and phishing attempts allows IR teams to spend less time on low-level incidents.


4. Time is Everything – Finally, in cyber security time is everything. The longer it takes to investigate and remediate, the higher the probability that sensitive data will be stolen, credentials compromised, and other systems infected. With the exponential increase in attacks and the subsequent volume of alerts, handling incidents manually forces prioritization and trade-offs. That can only lead to increased time to respond, and that gives the bad guys more opportunity to do more damage.


If you find the history of innovation fascinating, I highly recommend Steven Johnson’s book “How We Got to Now: Six Innovations That Made the Modern World” and the PBS series of the same name, available on PBS here, and on Netflix.

With cyber attacks increasing exponentially, alerts aren’t enough. Automating investigation and remediation is the only way for incident response teams to stay ahead. Hexadite completely automates the entire IR lifecycle, with out-of-the-box logic that investigates, contains and remediates cyber alerts to eliminate the impact of a breach.