Technology doesn't detect attacks, people do
Detection technology without appropriately skilled people will miss targeted attacks. Technology doesn't detect attacks, people do, said Jacques Louw, director at cyber security consultancy firm MWR InfoSecurity.
Speaking on day one of the ITWeb Security Summit 2017 in Midrand yesterday, Louw said organisations should rather invest in employing skilled individuals.
"Spending money on technology before there is a specific set of requirements from a detection team is wasteful, and creates a false sense of security," said Louw. "Through cyber threat hunting, instead of setting out static controls companies can rather make the policy on how to get to the correct controls."
Cyber threat hunting is defined as the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
Referring to the 'Paris model of threat hunting', Louw recommends that companies should make threat modelling and attack path mapping a core component of their security strategy. "Make the process by which you, as a company, decide on appropriate policy, not the controls themselves. Companies should look at solving the problem rather than ticking boxes," he concluded.
Spending money on technology before there is a specific set of requirements from a detection team is wasteful.Jacques Louw, MWR InfoSecurity
Investec's group security officer, Herman Young, also advocated for organisations to use target attack simulations to test their systems. He said that organisations need to know who and what they are defending against and where their failures lie.
"At the end of the exercise you have not only checked your defences but you have improved everything and patched issues you didn't know you had before," Young said.