Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.
What Is the Difference Between Security and Resilience?
Resilience shifts the focus toward eliminating the probable impact of the full attack chain.
Question: What is the difference between security and resilience?
Tim Wade, Technical Director, CTO Team at Vectra: In practice, enterprise security has emphasized preventative measures as a means of defense, often overinvesting in such measures well past the point of diminishing returns. Such emphasis gives rise to the "defender’s dilemma": An attacker need only be correct once, but a defender must be correct every time. This is correct in a primarily preventative posture, and unfortunately the slow-motion train wreck of ransomware campaign after ransomware campaign demonstrates that all too well.
The modern focus on resilience, on the other hand, doesn’t lose sight of the leading edge of an adversary’s initial compromise, even as the focus shifts elsewhere toward eliminating the probable impact of the full attack chain. Instead of overreliance on preventative controls, resilience-based security objectives look holistically at the full suite of available security controls to disproportionately increase the expense of effort, material, and time an adversary must invest to progress forward with an attack, while reducing the probability that such an attack will end with material disruption.
A resilient security architecture is one where defenders maintain visibility across their enterprise; attacks are detected early, contained, and expelled before attackers realize their objectives; and recovery from any incidental damage is rapid. It’s an approach more adaptable to the dynamic business factors of today’s enterprise – digital and cloud transformation, as an example – and generally more cost-effective. Effective visibility, detection, and response are all hallmarks of resilience, an approach most likely to favorably manage enterprise risk in a world of vanishing perimeters, mobile assets, and accelerating cloud adoption.