
Is rapid detection the new prevention?

The perimeter is porous, making risk mitigation essential


There's a trend underway in the information security field to shift from a prevention mentality -- in which organisations try to make the perimeter impenetrable and avoid breaches -- to a focus on rapid detection, where they can quickly identify and mitigate threats.

Some vendors are already addressing this shift, and some security executives say it's the best way to approach security in today's environment. But there are potential pitfalls with putting too much emphasis on detection if it means cutting back on prevention efforts and resources.

Clearly, rapid detection is gaining traction. Research firm IDC has designated a new category for products that can detect stealthy malware-based attacks designed for cyber-espionage ("Specialised Threat Analysis and Protection") and expects the market to grow from about $200 million worldwide in 2012 to $1.17 billion by 2017.

The thinking behind a shift in security approach is that it's impossible to keep out everything, so companies should focus on quickly detecting and mitigating threats. While it doesn't mean abandoning prevention, it suggests companies devote more resources to detection and remediation than they have in the past, with the understanding that breaches are going to happen.

"Prevention is a great strategy when it works. But unfortunately no preventative measure can be completely effective," says Timothy Ryan, managing director of the Cyber Investigations practice at Kroll Advisory Solutions, a provider of risk mitigation products and services.

"For that reason, companies cannot rely on prevention and protection alone," Ryan says. They must also rely on an information security plan that blends technology and processes to identify and respond to compromises quickly. The right tools and processes often reduce the time and cost of an investigation, he says.

"Rapid detection and efficient, effective response is the new prevention," says David Scholtz, CEO of Damballa, a security technology provider. "The mindshift here is what's being prevented. We can no longer prevent our networks and systems from becoming infected, but we can prevent those infections from growing and evolving to become damaging breaches."

Organisations can do this by discovering threats that successfully bypass layers of prevention and cutting them down before they do damage, Scholtz says. "Today, you can continue to add prevention-based solutions to an already fortified yet disappearing perimeter, but it's the small percentage of threats that get through that then equate to 100% of your risk," he says.

Cyber criminals are using more sophisticated methods to evade detection, Scholtz says. "They are leveraging these methods precisely because they can easily switch attack vector, or slightly tweak their malware, and instantly they're again undetectable by traditional prevention methods," he says.

It doesn't matter if an intruder is a trusted insider or a meticulous attacker who has engineered a way in through persistent and crafty means, says Vincent Berk, CEO of FlowTraq, a network security provider. "The bottom line is that hackers are already in your network," he says. "Once businesses reach this realisation, they will automatically start shifting their defensive philosophy from perimeter defense to defense-in-depth."

This shift in thinking puts more emphasis on careful collection of system logs and traffic records, and focuses on detecting what's unusual in the network, Berk says. "Large data transfers, unusual access patterns or reconnaissance behavior are all signs of somebody already on the inside searching for the crown jewels," he says.

But not everyone thinks the shift in security mindset is a good idea.

"I think the idea of switching from a prevention strategy to a detection one is a false dichotomy," says Wendy Nather, research director, security, at 451 Research. "First of all, because prevention tends to be more automated and therefore cheaper than detection. Second, because detection is just as imperfect as prevention. People may complain that antivirus misses a lot of malware, but so do intrusion detection systems. Firewalls and SIEMs are only as good as the experts who configure them, no matter which 'generation' they purport to be."



Comments

IT Support said: This is like "prevention is better than cure" mania. You need to detect and analyse what's coming in and out of your system for you to determine if there is a threat about to attack your system and the risks involved if your system gets compromised. Early and rapid detection a



