This article is meant as a rallying cry for anyone who has a vested interest in their organisation’s security.
My aim is to spearhead a new era in which all companies take a proactive approach to security. Historic methods of blocking and protection will no longer be the only tenets of a security strategy; the focus will also be on next-generation technologies, and on detection and response.
Of course, I’m not naïve enough to think this piece alone will lead to a complete culture change. But the evidence for a proactive approach is so strong that I am amazed that the message hasn’t got through to every IT department and board in the country.
This message became crystal clear during Neil MacDonald’s presentation at the Gartner Security & Risk Management Summit in June, which Avecto was lucky enough to attend. MacDonald is a VP and distinguished analyst in Gartner Research. His presentation analysed new approaches to combatting advanced and insider threats, and made a number of compelling arguments.
Attacks are bypassing our historic defences: the anti-virus, the firewalls, the intrusion detection systems. Once in, malware typically sits on systems undetected for almost a year on average. We're blind too: 67 per cent of attacks are discovered externally. It might be a third party spotting records for sale on a website and letting the company know. Either way, our detection of breaches isn't up to scratch.
But what can we do? Let’s run through it in Gartner’s four stages as MacDonald did at the summit – block, prevent, detect, respond.
Firstly, let’s block out what we can of the “bad stuff”. Whitelisting is an easy way to start. At the application level this means a default-deny rule: applications on the approved list are allowed to run, and anything unknown is blocked rather than given the benefit of the doubt. The Council on Cyber Security lists application control as the most essential strategy for mitigating threats, based on real-world data.
Secondly, let’s prevent the “bad stuff” from executing. This one is simple: take away admin rights and run all users as standard. It might sound like an IT help desk nightmare, but use software that assigns privileges to applications, not users, and you provide huge protection for the operating system without the support overhead. It’s worth remembering that the removal of admin rights would have mitigated 97 per cent of known Microsoft vulnerabilities in 2014.
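To make the block and prevent stages concrete, here is an added example written for this article (not Avecto’s product code or Gartner’s material): a small Python model of a default-deny application allowlist keyed by file hash, with admin rights attached to specific applications rather than to the user who launches them. The file paths, file contents, hashes and policy entries are all constructed for the demo, and the legacy blocklist is included only to show why it waves through a never-seen-before binary.

```python
"""Added example, not Avecto's or Gartner's code: a model of the block and
prevent stages. Every file, hash and policy entry below is constructed for
the demo; real deployments take them from disk and from the vendor policy."""
import hashlib
from dataclasses import dataclass
from typing import Tuple

# Constructed sample "binaries". A real policy engine hashes the file on
# disk; the bytes are inline here so the example runs offline.
SAMPLE_FILES = {
    r"C:\Program Files\Vendor\app.exe": b"approved line-of-business app v1.2",
    r"C:\Windows\System32\mmc.exe": b"management console",
    r"C:\Users\alice\Downloads\invoice.pdf.exe": b"never-seen-before dropper",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Block: the allowlist is keyed by content hash, not by path or file name,
# so a renamed copy or a trojanised binary does not inherit approval.
ALLOWED_HASHES = {
    sha256_hex(SAMPLE_FILES[r"C:\Program Files\Vendor\app.exe"]),
    sha256_hex(SAMPLE_FILES[r"C:\Windows\System32\mmc.exe"]),
}

# Prevent: admin rights belong to applications, not users. Only these hashes
# may run elevated; everything else runs as a standard user regardless of
# who launched it.
ELEVATED_HASHES = {sha256_hex(SAMPLE_FILES[r"C:\Windows\System32\mmc.exe"])}

# The legacy blocklist, for comparison: it can only name what has been seen.
KNOWN_BAD_HASHES = {sha256_hex(b"last year's malware sample")}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    elevated: bool
    reason: str


def blocklist_decision(content: bytes) -> Decision:
    """Historic approach: run everything unless it is already known bad."""
    if sha256_hex(content) in KNOWN_BAD_HASHES:
        return Decision(False, False, "matched known-bad hash")
    return Decision(True, False, "not on blocklist, so allowed")


def allowlist_decision(content: bytes, wants_admin: bool) -> Decision:
    """Block + prevent. There is deliberately no `user` parameter: the
    launching user's identity never grants elevation in this model."""
    digest = sha256_hex(content)
    if digest not in ALLOWED_HASHES:
        return Decision(False, False, "not on allowlist: default deny")
    if wants_admin and digest in ELEVATED_HASHES:
        return Decision(True, True, "allowlisted; elevation granted to the application")
    if wants_admin:
        return Decision(True, False, "allowlisted; elevation refused, runs as standard user")
    return Decision(True, False, "allowlisted; runs as standard user")


def compare(path: str, wants_admin: bool = False) -> Tuple[Decision, Decision]:
    """Return (blocklist verdict, allowlist verdict) for one constructed file."""
    content = SAMPLE_FILES[path]
    return blocklist_decision(content), allowlist_decision(content, wants_admin)


if __name__ == "__main__":
    for sample_path in SAMPLE_FILES:
        old, new = compare(sample_path, wants_admin=True)
        print(f"{sample_path}\n  blocklist: {old.reason}\n  allowlist: {new.reason}")
```

Run it and the constructed dropper is the instructive case: the blocklist has never seen it and lets it run, while the allowlist denies it without needing to know anything about it. Keying the policy on a content hash rather than a path is what stops an attacker simply dropping their binary under an approved file name; keying elevation on the application rather than the user is what lets every account run as standard while the management console still gets the rights it needs.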
Many IT managers and CIOs are defeatist when it comes to blocking and believe that prevention is not possible. They’ve been let down too many times by poor anti-virus and firewalls. But the likes of application control and privilege management can genuinely eliminate the vast majority of threats. Leave the old, tired technologies behind and embrace more effective, modern and innovative blocking and prevention strategies.
Thirdly, detect. The key with detection is that any threats are contained and isolated immediately, so that whatever slips past blocking and prevention can do no damage while it is being identified. Sandboxing is the technology needed here. MacDonald sees this as one of the spaces in security that is breeding innovation, and was kind enough to mention Avecto’s technology in his presentation as a stand-out performer.
Finally, respond. By this we are talking about remediating and making changes after the attack. Strategy, policy rules and tactics need to continually evolve. Attacks aren’t static and defence can’t be either.
Any culture changes will take a long time to really take effect. But a shift to a proactive security posture is such an obvious and positive one. My hope is that more influencers like MacDonald really get behind it and convince organisations that this is the only way to approach security. I believe it’s an achievable goal and more importantly, that prevention is possible.