Is rapid detection the new prevention?

Knowing it's impossible to stop every attack, some companies are shifting their security mindset to quickly detect and respond to threats

By Bob Violino, Network World
January 02, 2014 06:09 AM ET

Network World - There's a trend underway in the information security field to shift from a prevention mentality — in which organizations try to make the perimeter impenetrable and avoid breaches — to a focus on rapid detection, where they can quickly identify and mitigate threats.

 
Some vendors are already addressing this shift, and some security executives say it’s the best way to approach security in today’s environment. But there are potential pitfalls with putting too much emphasis on detection if it means cutting back on prevention efforts and resources.

Clearly, rapid detection is gaining traction. Research firm IDC has designated a new category for products that can detect stealthy malware-based attacks designed for cyber-espionage (“Specialized Threat Analysis and Protection”) and expects the market to grow from about $200 million worldwide in 2012 to $1.17 billion by 2017.

The thinking behind a shift in security approach is that it’s impossible to keep out everything, so companies should focus on quickly detecting and mitigating threats. While it doesn’t mean abandoning prevention, it suggests companies devote more resources to detection and remediation than they have in the past, with the understanding that breaches are going to happen.

“Prevention is a great strategy when it works. But unfortunately no preventative measure can be completely effective,” says Timothy Ryan, managing director of the Cyber Investigations practice at Kroll Advisory Solutions, a provider of risk mitigation products and services.

“For that reason, companies cannot rely on prevention and protection alone,” Ryan says. They must also rely on an information security plan that blends technology and processes to identify and respond to compromises quickly. The right tools and processes often reduce the time and cost of an investigation, he says.

There cannot be an 'either/or' approach to prevention and rapid detection. The vast majority of organizations must do both.

“Rapid detection and efficient, effective response is the new prevention,” says David Scholtz, CEO of Damballa, a security technology provider. “The mindshift here is what's being prevented. We can no longer prevent our networks and systems from becoming infected, but we can prevent those infections from growing and evolving to become damaging breaches.”

Organizations can do this by discovering threats that successfully bypass layers of prevention and cutting them down before they do damage, Scholtz says. “Today, you can continue to add prevention-based solutions to an already fortified yet disappearing perimeter, but it's the small percentage of threats that get through that then equate to 100% of your risk,” he says.
