Threat prevention is best way to stay ahead of hackers, mitigate future risk
Popular detection-based security solutions provide too little protection too late
By Byron Acohido, ThirdCertainty
While many organizations take cybersecurity seriously, there generally remains a great need for companies and agencies to think more deeply and comprehensively about network security.
That’s a top-line summary of a wide-ranging discussion I had at Black Hat 2017 in Las Vegas with Peter Alexander, chief marketing officer for Check Point Software. Below is a summary of some specific takeaways. (For a deeper drill down, take a few minutes to listen to the accompanying podcast.)
Big picture: Deter, detect, defend, debug
“There is still a perception that security is almost like insurance,” Alexander told me. “But the key difference with security is that it’s not for something that might happen; it’s for something that you know is going to happen unless you deploy it.”
A lot of organizations have taken a detection-oriented view of security, but Alexander says prevention is key. Companies shouldn’t assume malware will be discovered after it invades.
“I think in some respects, the industry had a bit of focus on detection, and I think that’s throwing us off the scent and creating vulnerabilities,” he says. “You don’t just detect the burglars when they’re inside your house.”
Leaving the door open
Cyber attacks are no longer limited; those that start in one country spread globally very quickly.
“Very often, it’s not because the technology is new, and the bad guys are using something fundamentally new,” he says. “They’re just probing organizations that are not up to date, not deploying the latest technologies.”
More than 93 percent of organizations don’t have advanced-threat prevention, “which is staggering,” Alexander says, adding that the WannaCry and Petya attacks that hit many companies were preventable.
“You’ll see more of these major attacks globally … because the companies are just not caught up. They are just not deploying the advanced capabilities that they need to prevent these kinds of attacks.”
Building a better defense
Alexander says organizations should take an architectural approach to defending their data.
“It’s not just a collection of tools you buy from the vendor du jour. You’ve got to look at complete approaches to intrusion protection, complete approaches to advanced-threat mitigation, complete approaches to cloud and mobile in one environment that can be managed easily,” he says. “If you don’t do that, you’re going to leave holes, and that’s where the bad guys get in.”
If detection is the only strategy an organization deploys, “you’re always playing catch-up. With prevention, you’re able to stop things effectively, if you take the right approach.”