Prevention vs. detect and respond

The risk of letting malware execute

Published January 2017

On the Internet, there are only victims and potential victims. Everyone has exposure, from individuals to large enterprises. Every minute sees more connected devices added to the attack surface. In the race to broaden and deepen defences, security teams are faced with the additional challenge of increasing complexity. More products, more events and more monitoring are making it ever harder to find relevant and true indicators of compromise, pushing the security situation closer to bedlam. This spiralling complexity diminishes a security team’s awareness and responsiveness, ultimately driving up the true cost of operational security.

Defenders didn’t inflict this on themselves. The proliferation of vendors and products, driven by overwhelming need and a growing security economy, has created a wide diversity of approaches to solving various security problems. In seeking to find a novel, often information-centric angle, however, many of these solutions have inadvertently created new challenges and failed to improve security.