Is there a certainty to security?
The choice between Protection + Prevention vs Detection + Response is an illusion. As security practitioners, we all learnt that defence in depth was key. Yet we focused too much on defence as just a wall or line that would protect us. This type of thinking has been proven to be insufficient time and time again.
First, we put up firewalls and thought we were safe. Then we realized we needed IDSes and eventually IPSes. SIEMs and other tools were next. These fulfil parts of the equation, but not all of them. If your defences are static and do not evolve based on feedback about what is actually happening, they can be worked around. Aligning to only one of Protection + Prevention or Detection + Response will leave gaps.
If modern threats have taught us anything, it is that no one solution is going to solve all the problems. We need blended approaches that implement tools to protect our perimeters, but also other tools and systems that can detect anomalous traffic and tune networks on the fly to respond.
No significant Information Security standard – be it ISO 27001, the NIST Cybersecurity Framework, WebTrust, or others – stops at simply doing one aspect of security. The key is to keep these aspects balanced and all fed with tools, resources and funding to enhance capabilities across the board.
Many companies think that once they have a few tools deployed to control their perimeter they are done. But how effective are these tools that they have deployed? Just because the tools don’t detect anything doesn’t mean that there is nothing there. For each tool that is deployed, businesses should think of how they will measure its effectiveness.
- What did traffic look like before it was deployed?
- What does it look like after?
- What would it look like if it wasn’t working?
- What could it be missing?
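The four questions above can be turned into a repeatable check. The following is an added example, not part of the original article: the field names and daily counts are constructed, and it assumes an independent internal sensor that counts suspicious connections reaching internal hosts, so the tool is not graded only on its own output.

```python
from statistics import mean, median

# Constructed daily counts for one perimeter control (not real telemetry).
# total: connections seen at the perimeter; blocked: the tool's own block count;
# reached_inside: suspicious connections counted by an independent internal sensor.
BEFORE = [  # days before the tool was deployed
    {"day": "d1", "total": 10200, "blocked": 0, "reached_inside": 410},
    {"day": "d2", "total": 9800, "blocked": 0, "reached_inside": 390},
    {"day": "d3", "total": 10000, "blocked": 0, "reached_inside": 400},
]
AFTER = [  # days after deployment
    {"day": "d4", "total": 10100, "blocked": 360, "reached_inside": 40},
    {"day": "d5", "total": 9900, "blocked": 350, "reached_inside": 50},
    {"day": "d6", "total": 10300, "blocked": 0, "reached_inside": 420},  # silent failure
    {"day": "d7", "total": 10000, "blocked": 370, "reached_inside": 30},
]

def assess(before, after, silent_fraction=0.1):
    """Answer the four questions for one tool from before/after daily counts."""
    base = mean(d["reached_inside"] for d in before)      # 1. before deployment
    typical_blocks = median(d["blocked"] for d in after)
    failed, healthy = [], []
    for d in after:
        # 3. Not working: traffic still flows, yet the tool reports almost nothing,
        # or the independent sensor sees as much as it did before deployment.
        # A quiet tool is treated as a fault, not as "nothing there".
        broken = d["total"] > 0 and (
            d["blocked"] <= silent_fraction * typical_blocks
            or d["reached_inside"] >= base
        )
        (failed if broken else healthy).append(d)
    residual = mean(d["reached_inside"] for d in healthy) if healthy else base
    return {
        "baseline_per_day": base,
        "after_per_day": mean(d["reached_inside"] for d in after),   # 2. after
        "failed_days": [d["day"] for d in failed],
        "missed_per_day_when_healthy": residual,                     # 4. still missed
        "reduction_when_healthy": round(1 - residual / base, 3) if base else None,
    }

if __name__ == "__main__":
    for key, value in assess(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

The residual figure is the input for the risk forecast: it is what the deployed tool does not stop even on its best days.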
Understanding the limitations of the tools you have deployed is key to understanding what else you should be monitoring for. Feed this into your Risk Management processes to forecast the next tools that you should be deploying. Reacting after an attack is too late. The damage is done.
It’s not a question of Protection + Prevention or Detection + Response, it’s more of a question of Protection + Prevention + Detection + Response. The hope would be that if you are monitoring your current tools, then you will detect gaps before they are an issue and the Response will then be a planned upgrade or deployment as opposed to an incident investigation.