Threat prevention is best way to stay ahead of hackers, mitigate future risk

Popular detection-based security solutions provide too little protection too late

 

While many organizations take cybersecurity seriously, there generally remains a great need for companies and agencies to think more deeply and comprehensively about network security.

That’s a top-line summary of a wide-ranging discussion I had at Black Hat 2017 in Las Vegas with Peter Alexander, chief marketing officer for Check Point Software. Below is a summary of some specific takeaways. (For a deeper drill down, take a few minutes to listen to the accompanying podcast.)

Big picture: Deter, detect, defend, debug

“There is still a perception that security is almost like insurance,” Alexander told me. “But the key difference with security is that it’s not for something that might happen; it’s for something that you know is going to happen unless you deploy it.”

Check Point Security’s Peter Alexander (right) at Black Hat 2017 in Las Vegas.

A lot of organizations have taken a detection-oriented view of security, but Alexander says prevention is key. Companies shouldn’t assume malware will be discovered after it invades.

“I think in some respects, the industry had a bit of focus on detection, and I think that’s throwing us off the scent and creating vulnerabilities,” he says. “You don’t just detect the burglars when they’re inside your house.”

Leaving the door open

Cyber attacks are no longer limited; attacks that start in one country spread globally very quickly.

“Very often, it’s not because the technology is new, and the bad guys are using something fundamentally new,” he says. “They’re just probing organizations that are not up to date, not deploying the latest technologies.”

More than 93 percent of organizations don’t have advanced-threat prevention, “which is staggering,” Alexander says, adding that the WannaCry and Petya attacks that hit many companies were preventable.

“You’ll see more of these major attacks globally … because the companies are just not caught up. They are just not deploying the advanced capabilities that they need to prevent these kinds of attacks.”

Building a better defense

Alexander says organizations should take an architectural approach to defending their data.

“It’s not just a collection of tools you buy from the vendor du jour. You’ve got to look at complete approaches to intrusion protection, complete approaches to advanced-threat mitigation, complete approaches to cloud and mobile in one environment that can be managed easily,” he says. “If you don’t do that, you’re going to leave holes, and that’s where the bad guys get in.”

If detection is the only strategy an organization deploys, “you’re always playing catch-up. With prevention, you’re able to stop things effectively, if you take the right approach.”