Why Bother with Security? [If you’re going to get hacked anyway]

Thursday, December 05, 2013

Rafal Los


The realities of a post-breach world, at least in the enterprise security department, are starting to settle in and quite frankly this new reality is getting some strange reactions. If you’re like me and work with a diverse community of enterprise security leaders you’ll probably hear things like, “If we’re going to be hacked anyway, why bother with security at all?” a time or two. The question of “why bother” isn’t new and has been effectively asked by many different personas in the enterprise for years – but this is a new twist on the old question.


The fact is, no matter how much prevention your organization puts in place, you’re still very likely to get ‘hacked’ and suffer some sort of breach. The answer to the “why bother?” question lies in what happens after you’ve been breached, and how difficult it will be for your organization, your customers and your partners to return to a nominal operating condition.


Fact: All the prevention in the world won’t keep your organization from being targeted, infiltrated and breached.


Fact: Enterprises which adopt an active strategy of detection, response and resolution are significantly more likely to substantially reduce their losses.


What does this mean for your enterprise? It’s time to stop pretending your firewalls, IPSes, WAFs and anti-virus are protecting you sufficiently. It’s time to build out an enterprise security intelligence strategy and start capitalizing on available threat intelligence to help you make the tactical adjustments necessary to identify and disrupt active adversaries. Of course, this is easier said than done, even in the most advanced security programs in the largest enterprises. Transforming your security organization’s focus from being fully prevention-based to a strategy more heavily weighted towards detection, response and issue resolution takes expertise and time. Ancient wisdom tells us that a journey of 1,000 miles begins with one step, so I urge you to take a look at your organization’s current mode of operation, your strategy and where you focus your resources. If you’re still stuck in prevent mode, it’s high time to shift that focus.


Over the next several blog posts I’ll discuss in more detail how a transformation of this nature takes place, and provide you with a framework for making it happen. You’ll get tips, tools and methodologies that have been proven effective in various enterprise sizes and market verticals. I can’t guarantee that any of this will magically transform your enterprise from yesterday’s strategy of prevention to something more modern, but I can give you tools to make informed decisions and offer expertise… which should guide you on your way.


Cross Posted from Following the Wh1t3 Rabbit 

Westley McDuffie
All the prevention in the world will not stop a targeted attack if you are truly the intended target. So let me ask, why do you have a front door in your home with a lock on it? If you are the target of someone going to break in your home, a flimsy @$$ door lock isn’t going to save you. But it keeps the schmucks out.
Let me answer why you have a door lock, it’s either it gives you peace of mind or it keeps the unwanted entry of your home by those without the wherewithal to break down the door. (The schmucks) Professional criminals not so much, but the firearm you keep under your pillow at night handles that task for when you are home and the IDS beeps when the door opens puts a forever end to their shenanigans.

For your listed facts, I will concede to both to save the argument, if they are used together. If not, that’s a lack of craft knowledge. Detection is great, but I would rather reduce my risk footprint, have my data owners deem what is the acceptable level of risk, and then create the policy enforcement, thus creating avenues of approach where I can have some control of where the attack comes from. This is not always the case. But keeping the schmucks out also reduces the number of adversaries your network will have to face. Prevention may be yesterday’s way of doing business, but stopping SQLI before it started would have saved Sony Entertainment a hell of a lot of money.