Detection is easier than protection
07/04/15 Category: Security
Good news: cyber security detection can be quite a bit easier than cyber defense.
Cyber defense is hard, or at least hard to do well. Adequate is nothing less than 100%. Even worse, while perimeter security is often referred to as a fortress mentality, even that's flawed: unlike a fortress, we can't fire back and we can't chase the attackers. So perimeter security is more like the Great Wall of China. It's just there, visible, stagnant and waiting to be scaled. Much like the actual wall, it's being chipped away at.
Of course perimeter security itself is flawed, because exactly where is the perimeter?
Good news though: detection is much easier. Detection doesn't require stopping an attack or theft, only noticing it.
Thinking of a personal home residence, defense is near impossible, but detecting a breach past the walls is so much easier. We have cameras, motion detectors and noise detection, we can install more active detection (e.g. dogs), and the list goes on. Better yet, most detection methods can't be detected until after a breach has been made or after the detection method has alerted.
With cyber security defense effectively ineffective, at over a 97% failure rate, detection is where the action is. Better yet, with an average dwell time prior to detection of over 200 days, there are tremendous improvements possible over time to detection.
Lastly, let's get over the one super-duper single-system approach. Detection should be based upon multiple unrelated systems and different techniques. There are almost limitless technologies and techniques, subtle, aggressive, stealthy and old school, that we can and ought to use.