Comments
Rethinking Security With A System Of 'Checks & Balances'
RyanSepe
User Rank: Ninja
11/20/2014 | 10:01:47 AM
Re: Prevention is ideal but detection is a must!
@andregironda

The comments referred to were not arguments, they were statements stressing the need for what you call the "fusion center". They were a reiteration of the fact that all facets need to be acknowledged not just one and the loop needs to be constant and refined on a regular basis.
BrianFoster
User Rank: Author
11/18/2014 | 4:52:46 PM
It's all about the feedback loop
Andre Gironda is spot on (see his comment below). It's not enough to just implement prevention, detection and response in silos. In order to truly get ahead of these threats, and stop feeling like you're on a hamster wheel, you must share intelligence in a feedback loop across these technologies, so you don't continue to leave the same vulnerabilities open. We'll try to go even more in-depth on some of these examples in future posts. 
andregironda
User Rank: Strategist
11/18/2014 | 4:06:10 PM
Re: Prevention is ideal but detection is a must!
Prevention is not ideal, and detection, like prevention, is, of course, a must-have.

I don't understand the arguments in the comments. What the author was trying to convey is that we need feedback loops between the protect, detect, and respond capabilities of a cyber risk program. I call this the "fusion center".
GonzSTL
User Rank: Ninja
11/18/2014 | 3:34:00 PM
Re: Prevention is ideal but detection is a must!
I agree that detection is a must. At the same time, incident response is also critical. The malware responsible for the Target breach WAS detected early on. Unfortunately, their incident response strategy failed, and they got breached. End of story.
RyanSepe
User Rank: Ninja
11/18/2014 | 1:59:44 PM
Re: Prevention is ideal but detection is a must!
Good analogy. I think a layered approach is definitely a powerful security approach. It also may be a good idea to keep these layers inconsistent. By this I mean the mechanisms that are used between Prevention, Detection, and Remediation, in correlation to IDS/IPS, Firewall, Anti-virus, and baseline, cannot have similar mechanisms for deterrence. An article done on Dark Reading earlier this year from Blackhat states that consistency would make the layers easier to compromise. If one layer were compromised, another layer with similar mechanisms would also be in danger. It sounds counterintuitive, but a layered, consistent approach riddled with inconsistency is best.

Consistency of Process

Inconsistency of Mechanisms
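As an added illustration of the feedback loop Brian Foster and Andre Gironda describe above, and of keeping the prevention and detection mechanisms dissimilar as Ryan Sepe suggests, the following Python script is an editorial example; it is not code from any commenter, from the article, or from Dark Reading. It models prevention as a source blocklist (signature-style), detection as a per-port traffic-volume baseline (a statistical mechanism, so a blocklist bypass does not also defeat detection), and response as the step that writes the confirmed-bad source back into the blocklist. The event stream, IP addresses, byte counts and the 3-sigma threshold are all constructed for the example.

```python
"""Toy prevent -> detect -> respond pipeline with and without a feedback loop.

Editorial example, not from the original page. All events below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Event:
    src: str        # client source IP (constructed)
    dport: int      # destination port
    bytes_out: int  # bytes sent by the client in this connection


class Prevention:
    """Signature-style control: a blocklist of sources already known to be bad."""

    def __init__(self):
        self.blocklist = set()

    def allows(self, ev):
        return ev.src not in self.blocklist


class Detection:
    """Baseline-style control: per-port volume statistics.

    Deliberately a different mechanism from the blocklist, so a source that
    is not (yet) on the list can still be caught by its behaviour.
    """

    def __init__(self, min_samples=5, k=3.0):
        self.samples = defaultdict(list)  # dport -> observed bytes_out values
        self.min_samples = min_samples    # learn before judging
        self.k = k                        # flag anything above mean + k*stdev

    def is_anomalous(self, ev):
        s = self.samples[ev.dport]
        if len(s) < self.min_samples:
            return False
        return ev.bytes_out > mean(s) + self.k * pstdev(s)

    def learn(self, ev):
        self.samples[ev.dport].append(ev.bytes_out)


class Response:
    """Handles an incident and, when the loop is closed, feeds the source
    back into prevention so the same vulnerability is not left open."""

    def __init__(self, prevention, feedback):
        self.prevention = prevention
        self.feedback = feedback
        self.incidents = []

    def handle(self, ev):
        self.incidents.append(ev)
        if self.feedback:
            self.prevention.blocklist.add(ev.src)


def run(events, feedback=True):
    """Push events through the three layers; return counts and the final blocklist."""
    prev, det = Prevention(), Detection()
    resp = Response(prev, feedback)
    counts = {"prevented": 0, "detected": 0, "allowed": 0}
    for ev in events:
        if not prev.allows(ev):
            counts["prevented"] += 1
            continue
        if det.is_anomalous(ev):
            counts["detected"] += 1
            resp.handle(ev)
            continue  # never let a confirmed-bad event train the baseline
        counts["allowed"] += 1
        det.learn(ev)
    return counts, sorted(prev.blocklist)


# Constructed traffic: ten ordinary HTTPS connections, a bulk exfil attempt,
# one more ordinary connection, then the same attacker trying again.
NORMAL = [1000, 1200, 1100, 1300, 900, 1250, 1050, 1150, 1000, 1100]
EVENTS = (
    [Event("10.0.0.%d" % (i + 1), 443, b) for i, b in enumerate(NORMAL)]
    + [Event("203.0.113.7", 443, 50000),   # far above baseline: detected
       Event("10.0.0.3", 443, 1200),       # benign
       Event("203.0.113.7", 443, 48000)]   # repeat from the same source
)

if __name__ == "__main__":
    for fb in (True, False):
        print("feedback=%s -> %s" % (fb, run(EVENTS, feedback=fb)))
```

With the loop closed, the attacker's second attempt is stopped at the prevention layer and detection never has to fire again for that source; with `feedback=False` the same source is detected twice and nothing in prevention changes, which is the "hamster wheel" Brian Foster describes. Note that the flagged event is kept out of the baseline on purpose: letting confirmed-bad traffic train detection would raise the threshold and quietly degrade the very layer that caught it.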
Robert McDougal
User Rank: Ninja
11/17/2014 | 1:50:36 PM
Re: Prevention is ideal but detection is a must!
In today's security landscape I see prevention, detection, and response being treated as a layered filtering approach. Think of prevention like a fine screen door: it will prevent the majority of bugs that attempt to get through. However, this layer has a problem in that it is only able to block those bugs that it is aware of; if a bug is small enough, it can slip through undetected. This is where detection comes into play, monitoring everything inside the house for anything out of the normal. Why is Uncle Henry sneezing? We should take a look at that. Finally, you get to response, which is after realizing Uncle Henry has a cold: you have to get him well and find and fix the hole in the screen door that let the bug inside in the first place.


Or Henry could have brought the bug in with him....
RyanSepe
User Rank: Ninja
11/17/2014 | 7:26:31 AM
Prevention is ideal but detection is a must!
As the saying above goes, it is mission critical to ensure that if anything has infiltrated your network, you have the ability to detect and mitigate the risk. Prevention is just one piece of the puzzle, as stated in the article, and has definitely failed in the past due to a myriad of reasons. Same with the other two pieces, but our faith in prevention has clouded us in some ways to the fact that it's probably one of the less crucial of the branches. Prevention is ideal for any network; however, I believe that this ideal notion is riddled with inconsistency. Most, if not all, networks have been infiltrated in one way or another, I believe. Whether this has been detrimental or not to this point is irrelevant; it's our job to ensure that we are able to find these threats and eliminate them quickly and efficiently. For that we need to place more weight on the other two branches, just as this article denotes. Tools such as IDS, anti-virus, and baseline analyzers can help in this regard. Other thoughts on how to put more emphasis on the other two branches?

