Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/4/2016
08:00 AM
Michael Sentonas
Michael Sentonas
Partner Perspectives
50%
50%

Protection Is Necessary, But Not Sufficient

It's time to move the conversation beyond malware and point defenses and onto dealing with breaches in their entirety.

Not much protection in life is guaranteed 100% effective. Airports and airlines around the world have introduced a range of preventative protection measures, from the airport entrance to the perimeter, from passenger screening to baggage X-rays. But they do not rely on these alone, also employing extensive training and planning so that they can detect and respond quickly if something goes wrong.

In digital security, I have heard many times that companies need to move from detection to prevention, that they need to stop all threats rather than detect and respond. Unfortunately, the only way to prevent all threats is to completely isolate each of your systems from any type of interaction with another. If you need communications and data exchanges to operate your business, then you need a breach detection strategy.

Is prevention better than detection? Of course; if you can stop attackers before they get into your systems you should, and preventative devices are an important component of any security strategy. The debate is not prevention or detection; it is whether adding the latest prevention widget is sufficient.

Central to this debate is your security strategy: malware defense or breach defense? Defending against malware is necessary, but not sufficient. Since all security threats are not similar, and all breaches are not equal, no amount of next-generation defense widgets is going to stop every threat. And if something does get through, you need the ability to quickly detect and contain the attack.

On The Offensive

Let’s look at some examples. Many security defenses use anti-malware devices that leverage a variety of techniques, including signature detection, heuristics, reputation models, sandboxing, what everyone now calls math, and various proprietary algorithms. While these techniques are all generally effective, they will miss some threats such as attacks that leverage stolen credentials, misconfigurations, unpatched vulnerabilities, unknown attack types, and rogue insiders. Your cybersecurity strategy, just like a physical security strategy, cannot play only defense. You must also have the tools and plans to deal with a breach.

Detection plays a much larger role in reducing your exposure than just an additional malware scanner. A complete detection strategy looks at breaches as an end-to-end issue. With malware likely already in your organization, industry analysts agree that the lion share of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020. Detection is vital to reduce your time to detect and recover from a breach.  

Instead of simply looking for malware signatures, detection tools monitor data access and movement, looking for unlikely activity and suspicious correlations. They also provide critical actionable and forensic information when something gets through, as well as information on who was affected by it, what data is at risk, and how to contain it. Without this detection capability, it is like having a car mechanic or doctor tell you that something is wrong, but leaving it to you to identify and implement a fix or cure.

The cybersecurity industry has spent a lot of energy arguing about best-of-breed, signature versus algorithmic malware defenses, and whose sandbox is the most difficult to evade. However, cyberattacks have reached the point where, like with castles and gunpowder, a sophisticated attack can win against a purely defensive position. So it is time to move the conversation beyond malware and point defenses and onto dealing with breaches in their entirety. This requires us to evolve as an industry. We need to focus on greater intelligence sharing, communicating and collaborating across multivendor systems, and focusing on the whole problem -- protecting data and digital assets, detecting vulnerable devices and abnormal behavior patterns, and rapidly containing breaches. Anything less leaves you too exposed. 

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24613
PUBLISHED: 2021-09-20
The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed
CVE-2021-24618
PUBLISHED: 2021-09-20
The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated us...
CVE-2021-24635
PUBLISHED: 2021-09-20
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as subscriber) to call them and 1) Get and search through title and content of Draft post, ...
CVE-2021-24636
PUBLISHED: 2021-09-20
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link
CVE-2021-24637
PUBLISHED: 2021-09-20
The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site Scripting attacks via blockType (combined with content), align, color, variant and fontID argument of a Gu...