Six recommendations for effective protection against advanced threats
Date: Jun 3, 2014
Guest post: Blue Coat.
Understand the challenges and the limitations of traditional blocking and prevention approaches by reading these six recommendations for more effective protection against advanced threats.
Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.
Challenges of traditional blocking and prevention:
* Existing blocking and prevention capabilities are insufficient to protect against motivated, advanced attackers.
* Most organisations continue to overinvest in prevention-only strategies.
* Detective, preventive, response and predictive capabilities from vendors have been delivered in non-integrated silos, increasing costs and decreasing their effectiveness.
* Information security teams don’t have the continuous visibility they need to detect advanced attacks.
* Because enterprise systems are under continuous attack and are continuously compromised, an ad hoc approach to “incident response” is the wrong mindset.
Effective protection against advanced threats:
Information security architects:
1. Shift your security mindset from “incident response” to “continuous response,” wherein systems are assumed to be compromised and require continuous monitoring and remediation.
2. Adopt an adaptive security architecture for protection from advanced threats using Gartner’s 12 critical capabilities as the framework.
3. Spend less on prevention; invest in detection, response and predictive capabilities.
4. Favour context-aware network, endpoint and application security protection platforms from vendors that provide and integrate prediction, prevention, detection and response capabilities.
5. Develop a security operations centre that supports continuous monitoring and is responsible for the continuous threat protection process.
6. Architect for comprehensive, continuous monitoring at all layers of the IT stack: network packets, flows, OS activities, content, user behaviours and application transactions.
To discuss using security technology as an enabler (rather than to block and prevent) and help you unleash your full business potential, call us on 01256 379970 or email: [email protected]