Prevention is not dead yet

Reports of prevention’s death may have been greatly exaggerated.

While some in the security industry may question if prevention has a future in an environment where an organization can’t stop every attack, not everyone is ready to anoint rapid detection as prevention’s successor.

“Prevention is not dead,” said Forrester analyst Rick Holland during a recent webinar held by the research firm and Cybereason.

Cyber security's dynamic duo: Prevention and detection

Instead, prevention is “evolving” to face more advanced cyber attacks and must be done in tandem with detection, he said.

“Ultimately you need to fall back to detection and response, particularly when you are dealing with sophisticated adversaries who will find a way to make it past whatever your prevention is,” he said.

To illustrate the point that attackers will breach even the best defended companies, Holland noted a report from the U.S. Department of Defense’s Defense Science Board that looked at how “high-level actors” are employing offensive cyber security tactics.

“They’re going to find a way in,” he said.

A strong protection plan leads to fewer breaches

Holland advised organizations to take a more holistic view of security and use prevention along with detection. A robust prevention plan decreases the number of adversaries that will defeat a company’s defenses and infiltrate a company, he said. In turn, companies have fewer incidents to detect and respond to.

This mentality is catching on with CISOs and corporate boards, Holland said, adding that organizations are making their best effort to prevent breaches, but are ready to respond with detection if an attacker penetrates their defenses.

Holland noted that prevention is more than securing an endpoint. For example, organizations can take a more aggressive approach to security that entails adding internal and external threat intelligence into their security plans. This method would allow companies to block harmful activity in a proactive way, he said.

This is the third blog post in a series that looks at the five points a company should consider when evaluating next-generation endpoint security products. Earlier posts gave an overview of each point and talked about the importance of using a product with a small footprint.

Fred O'Connor
About the Author

Fred is a Senior Content Writer at Cybereason who writes a variety of content including blogs, case studies, ebooks and white papers to help position Cybereason as the market leader in endpoint security products.