Preventative Security is Still Crucial to Avoiding Data Breaches

Larry Hurtado, President and CEO, Digital Defense

Recently, a small, but vocal number of security industry participants have begun voicing the opinion that organizations should spend more on incident response technology, even if it requires reducing investment in preventative techniques and tools. At its root, this opinion stems from the notion that every company’s security is going to be breached eventually, so why even try to prevent an intrusion. This attitude, and advice, is flawed and even dangerous for companies doing their best to protect their own data, as well as that of their business partners and customers.

There are two main categories of defense solutions: preventative and incident response. Preventative solutions are those which attempt to proactively avoid a compromise. These include firewalls, antivirus, vulnerability scanning and management, intrusion prevention, multi-factor authentication, data encryption and more. Incident response solutions are those which attempt to detect a compromise and then react or respond. These solutions make no attempt to stop a compromise but instead detect incidents and alert the incident response personnel, so that they are able to act quickly.

According to the 2015 Verizon Data Breach Investigations Report, a full 24 percent of security incidents would be eliminated if organizations were on top of finding and patching vulnerabilities, and another 24 percent of incidents would be eliminated if organizations used two-factor authentication. These two preventative techniques could stop nearly half of security incidents, which in turn would reduce the risk and number of data breaches.

By examining the root causes of some recent data breaches, we can see that implementing preventative security measures remains a very important part of a comprehensive security framework.

Take for example the 2014 breach of one of the largest financial services companies. Based on forensic analysis released to date, investigations indicate this event was not the result of an overly sophisticated attack, nor did it rely on some zero-day vulnerability. The attack originated with the theft of employee login credentials, which the hackers then used to access an internal network that was not protected with two-factor authentication. The company later admitted that a single platform had been overlooked in its security planning.

In the case of the Office of Personnel Management (OPM) breach in 2015, a report filed by the Office of the Inspector General concluded that OPM did not maintain an inventory of servers, databases or network devices, and auditors were not able to tell if OPM even had a vulnerability scanning process in place, making it likely that sensitive data was kept on unpatched systems.

As evidenced by these two cases, which are representative of many data breaches that occurred in the last two years, the cause of many breaches can be traced back directly to a lack of proactive and preventative information security measures.

By investing in such technologies and processes, organizations can reduce many of the weaknesses present in their infrastructure, and thereby reduce the probability of a breach.

Evidence shows that more rapid response does help minimize the overall cost of a data breach, but response technology is still in its early stages. The future promise of incident response solutions is that they will detect all incidents moments after the compromise, automatically respond to a compromise quickly and effectively, and even neutralize the threat prior to the actual theft of data. Unfortunately, automated incident response is still a young field, and no vendor can claim to effectively achieve this ideal behavior. Nevertheless, it is a valid concept and can be part of a strong security architecture.

That said, incident response is not the sole solution. The growing faction claiming that protecting against a data breach is futile and that a breach is inevitable may seem convincing, but this is in fact a very weak argument upon closer examination. For example, the supporters of this concept frequently list the many large and varied data breach victims, playing on and contributing to the fear and doubt surrounding them, without going into details on how those breaches occurred. An additional piece of evidence used and quoted often is a finding from a Mandiant 2014 Threat Report, which states that, on average, it takes organizations 229 days to discover they have been breached. While the study is factual, it in no way proves that protecting oneself is impossible. It just means many organizations do not have effective incident response programs.

Many notable experts and reports, including the Verizon 2015 DBIR, reveal that organizations are not doing enough to protect themselves in either area, prevention or incident response. It is the combination of these two techniques, not one or the other, that is going to make a difference for companies in the fight against breaches. Effective preventative solutions are the front line against the hackers: there is no reason to make it easier for them to get into your network, even when incident response is in place, and prevention should not be devalued.
