Detection is not the best approach | Altaware, Inc. Cyber Security Blog

Words don’t do justice to understanding concepts, especially in newer fields like cyber security. These days the mantra is:
- Prevention
- Detection
- Response

However, it's misguided.

It makes me think about our home and dealing with the numerous pipe leaks we've had over time. We’ve had many instances and it’s a nuisance and has the potential to be disastrous.

So far, what we do for water leaks is some prevention and heavy detection and response. Fortunately, we've avoided catastrophe thanks to being very alert, but the expense in time and money was still much greater than if we had adopted an effective prevention technique early on.

For prevention, we have a water main we shut off when we’re gone, we make sure the water pressure regulation is operating, and we keep all valves operating.

The reality, though, is that this doesn’t stop a water leak, so we have a pretty good detection system. I can say for the record, we’ve never had a single major problem and yet we’ve spent a ridiculous amount of money responding to our detected leaks. Our detection is based upon audible and visible checks, and even watching where the dog lies down (he likes hot water slab leaks). Let's face it, we rely upon detection, and timely detection at that, but we're not preventing the leaks. We've come to rely on detection to avert disasters. Sound familiar?

We spend enormous amounts of money, not to mention a lot of time, responding to and repairing all the leaks. Let's step back: that’s a stupid system and a ridiculous way to deal with the problem… Better prevention can greatly minimize the chasing and reacting we do for detected problems. We've come to rely on detection instead of more effective prevention.

Now we replace the lines whenever possible, even adjacent, still-working ones, which is a better prevention technique. We realize that we didn't spend enough resources on prevention. As for detection, we have properly placed water sensors in key locations that alert a system with an immediate text message and central oversight. Yes, we still have to respond, but the goal is to spend more on prevention, have less but better/faster detection, and minimize response and remediation.

So, let me ask you: is your cyber security approach just as crazy, with inadequate prevention, reliance on detection, and then time and money spent on responding and remediating?

If so, that’s nuts. Oh, and by the way, a water leak just harms me, the owner. A data leak inconveniences the entity housing the data, but harms so many more. So, let's rethink cyber security and focus more on prevention; it’s the tip of the iceberg. Don’t get me started on the limitations of using insurance for remediation versus reparation. Prevention saves downstream costs.