As I walked the exhibit hall floor at RSA, I couldn’t help but notice the large numbers of vendors talking about the need for improved detection capabilities and security intelligence that provides actionable insight as to what is going on in our IT infrastructure.
Complete protection requires both prevention and detection capabilities.
We are far too focused on the unachievable goal of trying to prevent anything bad from ever happening. It’s not gonna happen. As we discussed on the panel I moderated at the conference on Advanced Persistent Threats, you will be compromised. One of the panelists, Dave Merkel from MANDIANT, made the point that you are already compromised; you just don’t know it.
In this research note for clients in early 2007, I made this prediction:
By the end of 2007, 75% of enterprises will be infected with undetected, financially motivated, targeted malware that evaded their traditional perimeter and host defenses.
It’s just taken us a bit longer to realize that most of us have been compromised for a really, really long time. With all of our security dashboards showing “green” (mostly because they depend on signature-based models that have become increasingly ineffective), we were complacent.
Around the exhibit floor, dozens of vendors used different words that all described the same need:
- Advanced Threat Detection
- Situational Awareness
- Context Awareness
- Activity Monitoring
Delivering Security Intelligence and Situational Awareness will be one of the next big areas of investment in information security.
How will we pay for these net new investments? While information security budgets on average continue to increase, it won’t be enough. The need for better detection will be funded through savings and cutbacks on the protection side of the equation – for example, savings on endpoint protection platforms and consolidation onto next-generation enterprise firewalls which combine firewalling and IPS capabilities.
Category: Beyond Anti-Virus, Endpoint Protection Platform, Security Intelligence. Tags: Adaptive Security Infrastructure, Defense-in-Depth, Endpoint Protection Platform, Next-generation Security Infrastructure, Reducing Cost