We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment?
Check out this post for the basis of our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series; co-host Allan Alford (@allanalfordintx); and sponsored guest Steve Salinas (@so_cal_aggie), head of product marketing at Deep Instinct.
Thanks to this week’s podcast sponsor, Deep Instinct
On this episode of Defense in Depth, you’ll learn:
- A recent Ponemon study notes that most security professionals agree that prevention is a better security strategy than detection and containment.
- Even with the acceptance that prevention is a better security posture, most security spending goes into detection and containment.
- By implementing firewalls, patching, and security training, many of us are already doing prevention, but may not classify it as such.
- Prevention is not nearly as expensive as creating a detect-and-respond security program.
- The two halves work in concert. No prevention program can be perfect, and that’s why you always need a detect and contain program as well.
- The reason you don’t go with detect and respond alone, without prevention, is that the flood of valid information will be too much for a security program to handle.
- There was a strong argument for detect and respond because it shows the products you spent money on are actually working. This is not just to humor the security professional, but also to give some “evidence” to the senior executives.
- A lot of prevention comes down to the individual. But since it’s so tough to get people to change behavior, there’s less friction in simply purchasing another prevention tool to protect people from their own behavior.
- Prevention tools won’t stop the attackers who sit dormant on a network waiting to attack. Their behavior has to be spotted with the use of detection and containment.