There has always been a dichotomy between incident prevention and incident detection/response. Prevention centers around a potpourri of security controls designed to block bad things from happening. Firewall rules, IDS/IPS, and endpoint AV software fit in this category. Alternatively, CISOs must prepare for the worst and assume that cyber adversaries will circumvent their castles, gates, and moats. This means that large organizations also need processes and tools to detect and respond to anomalous/suspicious activities.

In the past, security professionals tended to focus most of their efforts on the prevention side of the street. In 2012, ESG research found that a typical enterprise organization spends about 67% of its resources on prevention and the remaining one-third on detection/response (Disclosure: I work for ESG Research).

Given the wave of targeted attacks that began with Google/Aurora, it seems that our existing incident prevention controls aren’t working very well. This has caused some in the industry to declare that incident prevention is essentially “dead” (author’s note: Personally, I hate this old analyst “go-to” trick. Declare something as “dead,” stir up passion and industry debate, get into point/counterpoint discussions, etc. Very cliché). These folks say it’s time to move on from incident prevention and invest heavily on the detection/response front.

So where do I stand on this emotional issue? I agree and disagree. To be more succinct, I agree that it’s time to push on incident detection/response skills development and technology investment. That said, I’m not ready to throw the incident prevention baby out with the bath water just yet. In fact, I suggest the opposite approach.

Rather than divesting incident prevention resources, I think we need to move on to a new approach that ESG calls “advanced prevention,” defined as follows:

An incident prevention strategy composed of security policies, processes, and automated controls designed for blocking threats targeted at specific organizations, individuals, and industries.

To be clear, advanced prevention isn’t really something new or unique. We will still use the same basic policies, processes, and controls we always use. So what’s new? Well, security controls are often implemented in a very generic fashion based upon standards like ISO 27000, NIST-800, or the SANS top 20. Advanced prevention builds upon these tried-and-true standards with customized tweaks designed to block targeted attacks.

Why move in this direction? Rather than answer this directly, I strongly urge readers to take a look at the 2014 Verizon Data Breach Investigation Report (page 15, figure 19, frequency of incident classification patterns per victim industry). This chart is an industry-by-industry warning sign: the bad guys use very different attack patterns against different industries and organizations. If you are the CISO of a hotel chain, you need to be on full alert for POS intrusions. If you are a security manager of a bank or IT vendor, watch out for web application attacks. Healthcare security bosses should be on guard for loss or theft of sensitive data. This one chart should be on every CISO’s desktop.

In summary, “advanced prevention” is simply doubling down on prevention controls customized for the threat landscape based upon an organization’s size, location, and industry. So, regional banks should be focused on web application and “inside-out” application security controls from vendors like Imperva, RiskIQ, and Veracode. Retailers should look at application controls from Bit9 or Palo Alto Networks, endpoint firewalls, network segmentation, and endpoint forensics from Guidance Software, RSA, and Tanium. Healthcare should invest in enterprise encryption from Vormetric or DLP from firms like Verdasys.

Two other quick points:

1. Advanced prevention depends upon extremely accurate and timely industry-specific threat intelligence from vendors like BitSight, Norse, and Vorstack.

2. Advanced prevention will work best if it is based upon automation. When real-time security intelligence discovers a new industry threat, it immediately triggers automated adjustments to security controls like firewall rules, IDS signatures, application controls, etc. Think “self-defending networks,” à la Cisco.
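To make the two points above concrete, here is an added example of what the intel-to-control loop looks like in code. It is not code from ESG or from any vendor named in this post. It assumes a constructed, industry-tagged threat-intelligence feed (`SAMPLE_FEED`, with placeholder values), an organization profile (`OrgProfile`), and invented output formats for the firewall, IDS, and application-control changes; the confidence threshold and seven-day freshness window are assumptions as well. The point it shows beyond the prose: the filtering (industry fit, confidence, freshness, de-duplication) is what keeps "automated adjustments" from turning a noisy feed into self-inflicted outages, so every rejected indicator is recorded with a reason rather than dropped silently.

```python
"""Industry-tailored 'advanced prevention' automation.

Added example, not code from ESG or any vendor named in the post. It assumes a
constructed, industry-tagged threat-intelligence feed (SAMPLE_FEED) and an
organization profile, and turns matching indicators into concrete control
adjustments: firewall deny rules, IDS signatures to enable, and application-
control hash blocks. Stale, low-confidence, duplicate or off-industry intel is
reported as skipped rather than silently pushed to controls.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import ipaddress


@dataclass(frozen=True)
class OrgProfile:
    industry: str          # e.g. "hospitality", "finance", "healthcare"
    size: str              # "large" / "mid" / "small"
    region: str            # country code


@dataclass(frozen=True)
class Indicator:
    kind: str              # "ip", "domain", "hash" or "ids_rule" (assumed vocabulary)
    value: str
    pattern: str           # DBIR-style incident pattern the indicator belongs to
    industries: frozenset  # industries this threat targets; empty means all
    confidence: int        # 0-100, as rated by the intel provider
    first_seen: datetime


@dataclass
class ControlChanges:
    firewall_rules: list = field(default_factory=list)
    ids_signatures: list = field(default_factory=list)
    app_control_blocks: list = field(default_factory=list)
    skipped: list = field(default_factory=list)   # (indicator value, reason)


def is_relevant(ind, org, now, min_confidence=70, max_age=timedelta(days=7)):
    """Return (True, '') if the indicator should drive a control change for org,
    else (False, reason). Industry fit, confidence and freshness are all required."""
    if ind.industries and org.industry not in ind.industries:
        return False, "other industry"
    if ind.confidence < min_confidence:
        return False, "low confidence"
    if now - ind.first_seen > max_age:
        return False, "stale"
    return True, ""


def plan_changes(feed, org, now, min_confidence=70, max_age=timedelta(days=7)):
    """Translate a feed of indicators into control adjustments for one organization."""
    changes = ControlChanges()
    seen = set()
    for ind in feed:
        key = (ind.kind, ind.value)
        if key in seen:                       # same indicator reported twice
            changes.skipped.append((ind.value, "duplicate"))
            continue
        seen.add(key)
        ok, reason = is_relevant(ind, org, now, min_confidence, max_age)
        if not ok:
            changes.skipped.append((ind.value, reason))
            continue
        tag = f"intel:{ind.pattern}"
        if ind.kind == "ip":
            net = ipaddress.ip_network(ind.value, strict=False)   # validates the value
            changes.firewall_rules.append(f"deny ip from {net} to any  # {tag}")
        elif ind.kind == "domain":
            changes.firewall_rules.append(f"deny dns-query {ind.value}  # {tag}")
        elif ind.kind == "hash":
            changes.app_control_blocks.append(f"block sha256:{ind.value}  # {tag}")
        elif ind.kind == "ids_rule":
            changes.ids_signatures.append(f"enable sid:{ind.value}  # {tag}")
        else:
            changes.skipped.append((ind.value, f"unknown kind {ind.kind}"))
    return changes


NOW = datetime(2014, 6, 1, tzinfo=timezone.utc)   # constructed reference time

# Constructed sample feed: documentation-range addresses and dummy values, not real indicators.
SAMPLE_FEED = [
    Indicator("ip", "198.51.100.0/24", "pos_intrusion", frozenset({"hospitality", "retail"}), 90, NOW - timedelta(days=1)),
    Indicator("hash", "0" * 64, "pos_intrusion", frozenset({"hospitality", "retail"}), 85, NOW - timedelta(days=2)),
    Indicator("ids_rule", "9000001", "pos_intrusion", frozenset({"hospitality"}), 80, NOW - timedelta(hours=6)),
    Indicator("domain", "example.invalid", "web_app_attack", frozenset({"finance"}), 95, NOW - timedelta(days=1)),
    Indicator("ip", "203.0.113.7", "web_app_attack", frozenset(), 40, NOW - timedelta(days=1)),         # low confidence
    Indicator("ip", "192.0.2.9", "pos_intrusion", frozenset({"hospitality"}), 90, NOW - timedelta(days=30)),  # stale
    Indicator("ip", "198.51.100.0/24", "pos_intrusion", frozenset({"hospitality"}), 90, NOW),          # duplicate
]

HOTEL_CHAIN = OrgProfile(industry="hospitality", size="large", region="US")

if __name__ == "__main__":
    result = plan_changes(SAMPLE_FEED, HOTEL_CHAIN, NOW)
    for line in result.firewall_rules + result.ids_signatures + result.app_control_blocks:
        print(line)
    for value, reason in result.skipped:
        print(f"skipped {value}: {reason}")
```

Run against the hotel-chain profile, only the three POS-intrusion indicators become control changes; the bank-targeted domain, the low-confidence address, the month-old address and the repeated subnet all land in `skipped` with their reasons. Swapping in a finance profile yields only the web-application DNS block, which is the industry-specific tailoring the DBIR chart argues for.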