2018: The Year of Advanced Threat Prevention

A few years ago, the industry adopted a new mindset that went something like this:

  1. Cybersecurity controls are not very effective.
  2. Therefore, sophisticated cyber-adversaries can easily circumvent them, compromise networks, and execute data breaches.
  3. Hence, trying to prevent attacks is essentially a fool’s errand, so organizations should concentrate on incident detection and response.

This line of reasoning was supported by an overly simplistic axiom that spread like wildfire in the industry: “There are two types of organizations. Those that have been breached and those that have been breached and don’t know it.”

Now, I admit there was and still is some truth to these assumptions. Lots of security technology staples were porous in the past as they were designed to address known rather than zero-day threats. Furthermore, networks tended to be relatively flat and wide open for attack.

With these shortcomings, many organizations shifted spending and focus to new technologies designed for threat detection like malware sandboxes, UEBA, EDR, network security analytics, etc. So, what happened? Firms were soon overwhelmed by disconnected technologies, mountains of new security data, and a cacophony of security alerts. Alas, many organizations realized then that they had neither the staff nor the skills to fully utilize this threat detection technology. Oh, and the pervasive cybersecurity skills shortage probably means that this situation won’t change anytime soon.
