They say that an ounce of prevention is worth a pound of cure, but as Joshua Goldfarb would argue, an ounce of detection makes prevention all but irrelevant. In an article for Dark Reading, Goldfarb counts down the top reasons why detection puts the “cure” in IT security.
#6 – Prevention Beats Response
First, a non-secret: prevention always beats response. Add to that a security detection function and you’ve got a recipe for effective risk mitigation. That’s not to say that you won’t need to occasionally respond to security threats. Attackers can be a determined bunch and have proven time and again that they can infiltrate even the toughest barriers.
#5 – Practice Beats Theory
Never rely on theory alone, says Goldfarb:
Because I come from an operational background, I know better than to put all my eggs in one basket. Whether it’s a technology, a methodology, or a philosophy, what sounds flawless in theory seldom works as well in practice.
#4 – Beyond Malware
Look beyond the threat of malware. There are plenty of breaches that come from elsewhere and a plethora of entry points through which to attack. Remember that your security team needs to be effective 100% of the time and that a malicious hacker only needs to get it right once.
#3 – Plan for “Sick Days”
Goldfarb makes a useful comparison between IT security and sickness prevention. If you run a security team, you’re in the business of ‘hand washing.’ But remember, not all hand washing prevents infection. That is why IT security must account for what amounts to “sick days” and must provide “tissues” to handle digital contagion. In the same vein, there is no one-shot solution to a security breach. Think of detection as a second dose of protection: with no single point of failure, threats that do infiltrate will still register on your radar.
#2 – Risk Mitigation = Detection
One of the biggest insights offered in Goldfarb’s article is that IT security is about mitigating risk. Remember that an attacker is usually not interested in compromising the organization’s system. They most often want company secrets and company information. Detection is an effective tool to limit unwanted exposure of company data. Even if a system is 100% exposed to security threats, it remains safe so long as those threats are detected and resolved before sensitive information is stolen.
#1 – Counterintelligence
The prevailing trend is away from prevention and toward detection, which is why many organizations are giving up on security operations centers (SOCs), incident response centers (IRCs), and cyber defense centers (CDCs). Even the stone walls of a castle won’t protect against a spy, which is why your company needs some counterintelligence.
Read the original article at: http://www.darkreading.com/endpoint/detection-a-balanced-approach-for-mitigating-risk/a/d-id/1321383