The changing face of cyber defence
Information security is a burgeoning, multibillion rand industry, yet businesses across the board keep on suffering breaches. Last year, headlines about high-profile breaches littered the news, suggesting that even corporate giants with the biggest security budgets are vulnerable to attack.
Effectively securing today's digital environments remains elusive. For decades, security vendors have pushed their products and solutions, saying this particular tool or that particular solution is the answer. It isn't. Although those statements might have been valid at some point, it is no longer the case.
According to Martin Potgieter, co-founder and technical director of NClose, 'defensive regression' is the concept that defence systems implemented today will regress and be somewhat less effective tomorrow.
He says this poses a very real threat to organisations across the board, and in the majority of cases it's too late when they realise this. Almost all breach reports will offer evidence of this. The organisation in question might have had the latest and greatest technology, but they were still compromised without detection.
However, Potgieter says defence is changing, with less reliance on vendor-produced "prevention" technologies and a move to defence engineering, which is making defending the organisation more achievable.
Defence teams are now building and designing their own detection mechanisms which are constantly evolving. "As the offensive community publishes new vulnerabilities and ways to exploit them, the defensive community is coming up with, and publishing new and creative ways to detect these methods.
"Defenders have finally caught up to and in some cases are winning this cat-and-mouse game."
He says this change has taken place over the last five years or so, and is supported by a few facts. "Firstly, a rise in the number of organisations that provide defence engineering services or capability. Secondly a rise in thought leaders in the defence space, many of which were inspiring in the offensive space years ago."
Finally, Potgieter says there is a change in how vendors are allowing and even encouraging integration of their products with other products, allowing customers to implement their own creative defence engineered solutions.
"Our work is by no means is over, attackers are well resourced and better funded than compared to a decade ago, so as defenders we will need to continue to evolve our methods," he adds.
Potgieter will be presenting on 'Defeating defensive regression', during the ITWeb Security Summit 2018, to be held at Vodacom World in Midrand, from 21 to 25 May. During his presentation, he will define the concept of defensive regression and deep dive into some of the root causes of it, as well as look at different ways to mitigate against it.