By Jamil Farshchi, Visa, a CSO40 workshop moderator and advisory board member\tWe all have problems. Technologies, processes, people, you name it. But there is one problem that affects us all, equally and more than any other. It drives our strategies, our control decisions and our execution. It\u2019s at once powerful yet disempowering, infinitely complex yet inordinately simple, timeless yet pressing. Such are the characteristics of the \u201cproblem of one\u201d.\tThe playing field is tilted in favor of our adversaries. To win, we must defend all possible attack vectors, yet our adversaries need only exploit one. We can spend millions on protection, they just need to buy (or find) one zero day. One injection vulnerability, one hard-coded password, one misconfiguration, that\u2019s all it takes for us to lose. To make matters worse, the attack surface is expanding rapidly. As digital information continues to grow in volume, criticality and value, our infrastructures, devices and applications that harness and generate the digital information are growing in kind. Such are the dynamics of the technology that underpins our businesses, and again, it takes just one weakness in that technology to put us at risk of losing. To compete, we need a thoughtful strategy and outstanding execution.\tThere are a variety of strategies we currently use to navigate this uneven playing field. One example is to attempt to meet or exceed the security maturity of our industry peers \u2013 a relative maturity strategy \u2013 such that the adversary chooses to attack the weakest link rather than us. Another is the compliance-based strategy where we focus on traditional controls and standardized methodologies \u2013 like ISO or NIST \u2013 to establish layered protections. Another is the fortress approach which emphasizes the creation of an impenetrable outer shell which doesn\u2019t allow our internal weaknesses to be exposed. No matter which strategy is used though, a competitive strategy \u2013 even if executed flawlessly \u2013 cannot guarantee success. And in the end, we don\u2019t want to just compete, we want to win.\tEvery strategy can be countered.\tThe relative maturity strategy sputters as soon as the economics of the attack fall out of your favor. For example, if a nation state decides that Los Alamos National Laboratory (LANL) is a strategically lucrative target that they want to attack, it doesn\u2019t matter how much better LANL is than its peers \u2013 LANL will be attacked.\tThe compliance-based approach is great if one has the resources and support to implement and maintain all the controls, but breach after breach of compliant organizations has demonstrated that being compliant is about control breadth, not effectiveness \u2013 and effectiveness is only half the battle.\tThe fortress approach meanwhile, emphasizes control effectiveness, but just like the Maginot Line, it is at the expense of coverage. Furthermore, the limited flexibility of the fortress approach \u2013 and associated challenges with BYOD, cloud and mobile services \u2013 makes it a poor match for modern productivity- and usability-focused businesses. \u00a0\tIn light of all these challenges, how are we expected to win? We change the rules.\tNowadays, if you hear someone tell you that they have never had a security incident, you know that they are uninformed, disingenuous, or attempting to be humorous. That\u2019s our reality. None of us are immune to security incidents. As a result, winning is no longer solely predicated on stopping all attacks. Instead, it\u2019s based on identifying and remediating attacks as quickly and with as little damage as possible. Winners and losers are defined by the timeliness of threat detection, accuracy of characterization, and ability to continually learn and tailor decision models -- based on environmental and behavioral factors -- to glean higher fidelity, faster more predictive insights. The foundation of this capability is security data analytics.\tThe data analytics-centric approach helps to offset some of the asymmetries our adversaries enjoy by leveraging the fact that we understand our environments better than they do, and can therefore better detect unusual behavior. It helps us generate greater value from current tools through sensor enrichment and temporal analysis. As a passive control, it generates less workforce \u201cfriction\u201d than active controls \u2013 enabling the business with improved usability and reduced time-to-market. Finally, a data-centric approach naturally facilitates information sharing and can therefore help us generate favorable information asymmetries by correlating, prioritizing and actioning data across multiple data sets from organizations in real or near-real time. These data analytics-driven enhancements serve to demonstrably improve the speed, accuracy and quality of a detection and response capability, collectively helping to redefine the playing field in favorable way. \u00a0\tEmphasizing detection and response and investing in data analytics at the expense of everything else isn\u2019t the answer. But when held up as a primary capability within the broader scope of a competitive strategy (such the relative maturity or compliance-based strategies that we discussed earlier), advanced detection and response \u2013 anchored by advanced data analytics \u2013 will aid in muting strategic weaknesses and in turn, help address the problem of one. It won\u2019t even the playing field \u2013 we will continue to be at a disadvantage for the foreseeable future \u2013 but it will help to make us more competitive, and position us for a chance to win.\t~~~~\tJamil Farshchi is VP of Information Security at Visa Inc. Throughout his career, he has been responsible for protecting some of the world\u2019s most sensitive assets (#NuclearWeapons @LANL), the economy\u2019s most critical systems (#Visanet @Visa) and humanity\u2019s most innovative technologies (#Hubble #MarsRovers #MissionControl @NASA). Jamil is a 2011 CSO Compass Award winner. \tJamil will be co-moderating a workshop at this year's CSO40 Security Confab + Awards event, to be hosted by CSO March 31-April 2.\u00a0 Awards are presented to 40 organizations for their security projects and initiatives that demonstrate outstanding business value and thought leadership.\u00a0\u00a0Jamil and Bob Bragdon, publisher of CSO magazine, will lead a moderated workshop on security best practices during the afternoon of March 31.