As a security professional (on the vendor side), 2013 opened with the news that the New York Times was compromised by 45 pieces of custom malware and closed with the massive data breach at Target Corporation, with the theft of Adobe source code thrown in for good measure.
There has been quite a bit of discussion about who was to blame (individual vendor or compromised company) in at least two of the three incidents, but I think that discussion is counterproductive. As I discussed in a webcast earlier in the year, the incident at Target Corporation for example could have happened to just about anyone (and it seems increasingly likely it did).
Further, while there are many exciting new security technologies emerging (sandboxes, network anomaly detection, forensics, etc.), there are just as many ways traditional security technologies could have been leveraged to reduce the risk of such incidents at those very same organizations. (Of course, from the outside looking in, there is no way to say for sure what would or would not have helped.)
That’s why we felt it was important to bring forward an Advanced Threat Protection Framework composed of 5 main security components (including products, services and processes):
- Access Control to reduce the attack surface
- Threat Prevention to block as much as we can
- Threat Detection to detect what we may miss at any point in time
- Incident Response to validate and contain what’s detected
- Continuous Monitoring to constantly audit, assess and reduce risk
Yes, we call out recommended security measures (with an eye towards balancing effectiveness and manageability), but more importantly we strive to help organizations look past any proclaimed “silver bullet” to stop the latest threats, and to regularly reassess their entire security posture to address risks in the way that best fits their organization.
Your expert perspectives are welcomed and encouraged. Please comment based on your own experiences.