Malware evolution demands new security stance
Organisations need a shift towards rapid detection and response for strong post-breach security.
The evolution of advanced malware and zero-day attacks requires a new approach, one that combines big data security, threat intelligence and full visibility.
According to Gartner, enterprises are overly dependent on blocking and prevention mechanisms that are not effective against advanced attacks. They need comprehensive protection that requires an adaptive protection process - integrating predictive, preventive, detective and response capabilities.
So said James Stevenson, a solution sales specialist for advanced threat protection at Blue Coat, presenting at the Blue Coat Advanced Threat Seminar in Randburg yesterday.
According to Stevenson, the traditional security strategy has primarily focused on prevention, built from intrusion detection systems, intrusion prevention systems and antivirus, which cannot detect targeted attacks.
Although prevention technologies will not become redundant as part of the organisation's defence-in-depth strategy, they will become less relevant in the overall security architecture, he noted.
Stevenson believes organisations need a shift towards rapid detection and response for strong post-breach security, so that they can predict, prevent, detect and respond to attacks in a holistic, integrated and continuous manner.
With this new approach, chief information officers will reduce the time it takes to detect an attack, said Stevenson. Most security teams have traditionally been reactive rather than proactive in their breach discovery methodology; by becoming more proactive and gaining visibility of the network, they will reduce the time it takes to detect an attack, he added.
"At the moment, about 69% of the attacks take months to detect and that is a large window of opportunity for attackers. With the new approach, there is a lot of focus on rapid detection and also rapid resolution - that is finding network breaches earlier and resolving them earlier," said Stevenson.
Organisations also have to rebalance their budgets across Gartner's four key disciplines. At the moment, 10% of the IT security budget is assigned to detective and retrospective technologies and the majority is assigned to preventative technologies, he pointed out.
He added that in the next six years there will be a big shift in where security budgets are invested: around 75% of the IT security budget will be assigned to rapid detection and resolution technologies, with less assigned to blocking technologies.
"The failure to stop targeted attacks requires security organisations to re-balance investments in all stages of Gartner's adaptive security architecture and adopt a continuous response culture," said Stevenson.