Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/4/2016
08:00 AM
Michael Sentonas
Michael Sentonas
Partner Perspectives
50%
50%

Protection Is Necessary, But Not Sufficient

It's time to move the conversation beyond malware and point defenses and onto dealing with breaches in their entirety.

Not much protection in life is guaranteed 100% effective. Airports and airlines around the world have introduced a range of preventative protection measures, from the airport entrance to the perimeter, from passenger screening to baggage X-rays. But they do not rely on these alone, also employing extensive training and planning so that they can detect and respond quickly if something goes wrong.

In digital security, I have heard many times that companies need to move from detection to prevention, that they need to stop all threats rather than detect and respond. Unfortunately, the only way to prevent all threats is to completely isolate each of your systems from any type of interaction with another. If you need communications and data exchanges to operate your business, then you need a breach detection strategy.

Is prevention better than detection? Of course; if you can stop attackers before they get into your systems you should, and preventative devices are an important component of any security strategy. The debate is not prevention or detection; it is whether adding the latest prevention widget is sufficient.

Central to this debate is your security strategy: malware defense or breach defense? Defending against malware is necessary, but not sufficient. Since all security threats are not similar, and all breaches are not equal, no amount of next-generation defense widgets is going to stop every threat. And if something does get through, you need the ability to quickly detect and contain the attack.

On The Offensive

Let’s look at some examples. Many security defenses use anti-malware devices that leverage a variety of techniques, including signature detection, heuristics, reputation models, sandboxing, what everyone now calls math, and various proprietary algorithms. While these techniques are all generally effective, they will miss some threats such as attacks that leverage stolen credentials, misconfigurations, unpatched vulnerabilities, unknown attack types, and rogue insiders. Your cybersecurity strategy, just like a physical security strategy, cannot play only defense. You must also have the tools and plans to deal with a breach.

Detection plays a much larger role in reducing your exposure than just an additional malware scanner. A complete detection strategy looks at breaches as an end-to-end issue. With malware likely already in your organization, industry analysts agree that the lion share of enterprise information security budgets will be allocated to rapid detection and response approaches by 2020. Detection is vital to reduce your time to detect and recover from a breach.  

Instead of simply looking for malware signatures, detection tools monitor data access and movement, looking for unlikely activity and suspicious correlations. They also provide critical actionable and forensic information when something gets through, as well as information on who was affected by it, what data is at risk, and how to contain it. Without this detection capability, it is like having a car mechanic or doctor tell you that something is wrong, but leaving it to you to identify and implement a fix or cure.

The cybersecurity industry has spent a lot of energy arguing about best-of-breed, signature versus algorithmic malware defenses, and whose sandbox is the most difficult to evade. However, cyberattacks have reached the point where, like with castles and gunpowder, a sophisticated attack can win against a purely defensive position. So it is time to move the conversation beyond malware and point defenses and onto dealing with breaches in their entirety. This requires us to evolve as an industry. We need to focus on greater intelligence sharing, communicating and collaborating across multivendor systems, and focusing on the whole problem -- protecting data and digital assets, detecting vulnerable devices and abnormal behavior patterns, and rapidly containing breaches. Anything less leaves you too exposed. 

Michael Sentonas is the Chief Technology and Strategy Officer, APAC for Intel Security. Michael has been with the company for fifteen years, previously holding leadership roles such as VP and Chief Technology Officer of Security Connected, VP and CTO for Asia Pacific and, ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24259
PUBLISHED: 2021-05-05
The “Elementor Addon Elements� WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24260
PUBLISHED: 2021-05-05
The “Livemesh Addons for Elementor� WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.
CVE-2021-24261
PUBLISHED: 2021-05-05
The “HT Mega – Absolute Addons for Elementor Page Builder� WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by ...
CVE-2021-24262
PUBLISHED: 2021-05-05
The “WooLentor – WooCommerce Elementor Addons + Builder� WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-priv...
CVE-2021-24263
PUBLISHED: 2021-05-05
The “Elementor Addons – PowerPack Addons for Elementor� WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scriptin...