How important is preventing security breaches?
Regardless of your answer, most organizations spend the bulk of their budgets on prevention. And even as we allocate more to detection and response, prevention remains a focus. Curious, then, that a lot of our preventative controls actually rely on detection of bad actions and malicious code.
What happens when new techniques evade signatures and bypass sandboxes?
Perhaps the answer lies in rethinking our approach to prevention. An approach that doesn't rely on detection.
That's what Dotan Bar Noy, CEO and Co-Founder of ReSec, suggested during a recent conversation. Dotan (Lt. Commander Israel Navy. RET) has more than 10 years of management experience in technology and software companies. Prior to founding ReSec, he served as Director at Issta (listed ISTA.P), CEO of G.F.A. Systems, and CEO of "STUDENTS." Dotan holds a BA in Economics & Management from the Israel Institute of Technology (Technion) and an MA in Law from Bar-Ilan University.
When we talked, he captured my interest by explaining what seemed like a blend of whitelisting, application proxy, and intrusion prevention technology -- with the added twist of deconstructing and rebuilding files at line speed. Admittedly, I'm using experience with older approaches to try to categorize Dotan's vision.
It got me thinking.
Hopefully it does the same for you, too. Here are the five questions and answers that came from our discussion.
What sparked the start of ReSec and your unique approach to prevention?
We came from a world of physical gateways where you'd put a CD or USB drive on one side, it went through multiple Anti-Virus scan engines, and was delivered to the other side. Multi-scan, by definition, will have a higher chance of detection than a single AV tool. But a "standalone" USB station is irrelevant to today's enterprise needs and multi-scan AV is irrelevant in dealing with today's threats.
The question became, can we do that in the digital, network realm but better by ensuring a definite clean result for the content that passes through?
It led us to a very different approach than the rest of the market, which is focused on detecting the threat. Their challenge is that they need to see the threat to understand it, and only then to try and stop it. But the idea behind ReSec hinges on a single change in perspective: we assume that anything can be an attack. From there, it becomes possible to prevent attacks without needing to know and understand them.
How do you approach building the concept of a physical gateway into an enterprise solution?