Prevent or detect? What to do about vulnerabilities

Knowing how to prevent vs. managing vulnerabilities will enhance detection

Today's CISOs are undoubtedly overwhelmed with trying to make the most informed, efficient, and economical decisions about securing the most valuable assets in the enterprise. In the days of old, those decisions were a little bit easier because investing in prevention provided decent protection.

That's not true today, which is why Ira Winkler, president of Secure Mentem and author of Advanced Persistent Security, said that trying to protect against every threat is not cost efficient.

Shifting the mentality of those defenders who came of age in the world of preventative protection has been slow going. As a result, some security programs are failing, "Not because the bad guys got in, but because they got out," Winkler said.

In order to build a strong security program, CISOs need to invest in the right balance of prevention, detection, and response, which means that they may want to leave some vulnerabilities that they can manage in order to focus more on detection.

Jeff Williams, CTO and co-founder at Contrast Security, said, "Winkler is trying to make a distinction between protect, detect, and react. And of course, a responsible security strategy has all three."

The question then is one of prioritization. Williams said, "Prioritizing detect and react over protect is offering candy to CISOs overwhelmed with their security challenge."

If one were to use the analogy of home security, not trying to prevent a vulnerability, said Williams, "is like saying, don’t worry about locking your doors and windows. Just wait for the alarm to go off and the police will protect you."

There's also the potential of attacks that don’t actually trigger alarms. "The police don’t always respond effectively, and the damage may have already been done by the time the cops arrive," Williams said.

Detection and reaction are not silver bullets. In fact, Williams said, "Just watch the movie “Taken” if you think that detect and react are always the best strategy."

But Winkler is not suggesting that people leave the front door unlocked. That's tantamount to taking no security measures at all, which no one would advise.

The reality is that even if everyone locks and bolts the front door, some people like to sleep with their windows open. "Does that mean that we put bars on all the windows?" Winkler said.

There are always going to be vulnerabilities. It's virtually impossible to protect against every single threat.

Instead, Mike Donaldson, solutions specialist at Bay Dynamics, said, "All vulnerabilities should not be treated equally. An unlocked window is a security vulnerability. But, if that window is on the 50th floor of a high rise, it is unlikely that a burglar would scale the building to break in."
