As I walked the exhibit hall floor at RSA, I couldn’t help but notice the large number of vendors talking about the need for improved detection capabilities and security intelligence that provides actionable insight into what is going on in our IT infrastructure.
Complete protection requires both prevention and detection capabilities.
We are far too focused on the unachievable goal of trying to prevent anything bad from ever happening. It’s not gonna happen. As we discussed on the panel I moderated at the conference on Advanced Persistent Threats, you will be compromised. One of the panelists, Dave Merkel from MANDIANT, made the point that you are already compromised, you just don’t know it.
In this research note for clients in early 2007, I made this prediction:
By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses.
It’s just taken us a bit longer to realize that most of us have been compromised for a really, really long time. With all of our security dashboards showing “green” (mostly because they are dependent on signature-based models that have become increasingly ineffective) we were complacent.
Around the exhibit floor, dozens of vendors used different words that all described the same need:
- Advanced Threat Detection
- Situational Awareness
- Context Awareness
- Activity Monitoring
Delivering Security Intelligence and Situational Awareness will be one of the next big areas of investment in information security.
How will we pay for these net new investments? While information security budgets on average continue to increase, it won’t be enough. The need for better detection will be funded through savings and cutbacks on the protection side of the equation – for example, savings on endpoint protection platforms and consolidation onto next-generation enterprise firewalls that combine firewalling and IPS capabilities.
Category: beyond-anti-virus endpoint-protection-platform security-intelligence
Tags: adaptive-security-infrastucture defense-in-depth endpoint-protection-platform next-generation-security-infrastructure reducing-cost
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.