Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

What Is the Difference Between Security and Resilience?

Resilience shifts the focus toward eliminating the probable impact of the full attack chain.

Tim Wade, Technical Director, CTO Team, Vectra

September 24, 2021


Question: What is the difference between security and resilience?

Tim Wade, Technical Director, CTO Team at Vectra: In practice, enterprise security has emphasized preventative measures as a means of defense, often overinvesting in such measures well past the point of diminishing returns. Such emphasis gives rise to the "defender’s dilemma": An attacker need only be correct once, but a defender must be correct every time. This is correct in a primarily preventative posture, and unfortunately the slow-motion train wreck of ransomware campaign after ransomware campaign demonstrates that all too well.

The modern focus on resilience, on the other hand, doesn’t lose sight of the leading edge of an adversary’s initial compromise, even as the focus shifts elsewhere toward eliminating the probable impact of the full attack chain. Instead of overreliance on preventative controls, resilience-based security objectives look holistically at the full suite of available security controls to disproportionately increase the expense of effort, material, and time an adversary must invest to progress forward with an attack, while reducing the probability that such an attack will end with material disruption.

A resilient security architecture is one where defenders maintain visibility across their enterprise; attacks are detected early, contained, and expelled before attackers realize their objectives; and recovery from any incidental damage is rapid. It’s an approach more adaptable to the dynamic business factors of today’s enterprise – digital and cloud transformation, as an example – and generally more cost-effective. Effective visibility, detection, and response are all hallmarks of resilience, and it is an approach most likely to favorably manage enterprise risk in a world of vanishing perimeters, mobile assets, and accelerating cloud adoption.

About the Author(s)

Tim Wade

Technical Director, CTO Team, Vectra

Tim Wade brings over fifteen years of security engineering and operational experience into his role as the Technical Director of Vectra’s Office of the CTO, and is a firm advocate of privacy, fairness, liberty and protection for individuals in the digital age. Over the course of his career he’s crossed through both federal and private sectors, including decorated service as a member of the U.S. Air Force, and most recently as the Head of Application and Information Security in an EdTech sector enterprise. Tim holds a M.S. in Computer Science from the University of Southern California and maintains industry credentials issued by Offensive Security and (ISC)2.
