Anup Ghosh, writing a comment on the Securosis blog, observed:

The fallacy of the logic in monitoring and response is that you can detect the attack that bypassed the tools. If you could, then you would simply update the tools, which is how the security industry works (and failed) by and large. Instead, humans end up detecting artifacts of attacks long after the attack has been successful—after the damage is done—hence the [Incident Response] industry was born that attempts to perpetuate itself by saying you can’t prevent the attack. That’s the most expensive dollar in security you can spend—incident response.

My message is to invest in innovation rather than ceding the network to the adversary and hoping to find them on the network after the damage is done. It turns out once your customer records are leaked, your email archive published, your IP stolen, all the remediation and incident response in the world can’t get it back. All the King’s men couldn’t put Humpty Dumpty back together and nor can you.

We can see how time favors the bad guys in this timeline derived from Blue Coat/Solera data:

The attackers are leveraging this time advantage with hit-and-run attacks, in which they are in and out before they are ever detected.

[O]nce your customer records are leaked, your email archive published, your IP stolen, all the remediation and incident response in the world can’t get it back. In the 21st Century, an ounce of cyber-prevention is worth more than a pound of cyber-cure. SP Guard is an important piece of cyber-prevention. Using SP Guard, spearphishing attacks can be disrupted by targeting email deception. IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at 408-727-6342, ext 3 or use our online form.