The realities of a post-breach world, at least in the enterprise security department, are starting to settle in, and quite frankly this new reality is getting some strange reactions. If you’re like me and work with a diverse community of enterprise security leaders, you’ll probably hear, a time or two, things like “If we’re going to be hacked anyway, why bother with security at all?” The question of “why bother” isn’t new and has been effectively asked by many different personas in the enterprise for years – but this is a new twist on the old question.
The fact is, no matter how much prevention your organization puts in place, you’re still very likely to get ‘hacked’ and suffer some sort of breach. The answer to the “why bother?” question lies in what happens after you’ve been breached, and how difficult it will be for your organization, your customers and your partners to return to a nominal operating condition.
Fact: All the prevention in the world won’t keep your organization from being targeted, infiltrated and breached.
Fact: Enterprises which adopt an active strategy of detection, response and resolution are significantly more likely to substantially reduce their losses.
What does this mean for your enterprise? It’s time to stop pretending your firewalls, IPSes, WAFs and anti-virus are protecting you sufficiently. It’s time to build out an enterprise security intelligence strategy and start capitalizing on available threat intelligence to help you make the tactical adjustments necessary to identify and disrupt active adversaries. Of course, this is easier said than done, even in the most advanced security programs in the largest enterprises. Transforming your security organization’s focus from being fully prevention-based to a strategy more heavily weighted towards detection, response and issue resolution takes expertise and time. Ancient wisdom tells us that a journey of 1,000 miles begins with one step, so I urge you to take a look at your organization’s current mode of operation, your strategy and where you focus your resources. If you’re still stuck in prevent mode, it’s high time to shift that focus.
Over the next several blog posts I’ll discuss in more detail how a transformation of this nature takes place, and provide you with a framework for making it happen. You’ll get tips, tools and methodologies that have been proven effective in various enterprise sizes and market verticals. I can’t guarantee that any of this will magically transform your enterprise from yesterday’s strategy of prevention to something more modern, but I can give you tools to make informed decisions and offer expertise… which should guide you on your way.
Cross Posted from Following the Wh1t3 Rabbit