Business systems and automated technology bring the benefits of automation and persistence. Preventing exploitation is an important and necessary function, but more is required. A defensible, sustainable strategy must include elements that expect some attacks to succeed, so rapid detection and response are necessary as well. My advice is to have a complete defense-in-depth strategy which includes the following:
- Prediction capabilities for intelligent determination of what types of attackers are targeting your environment, what they are seeking to accomplish, and the most likely methods they will employ.
- Prevention measures to close vulnerabilities and block those methods.
- Detection capabilities to quickly identify when attacks are not prevented.
- Response abilities to rapidly contain and return the environment to normal functions.
The Prevention, Detection and Response pieces feed lessons learned back into the Prediction element for better forecasting.
The goal is to operationally manage the risk of loss. The challenge is to implement and sustain this in a cost-effective manner that does not adversely affect user productivity or experience, while effectively reducing the risk to an acceptable level. The right tools, working together, can be a tremendous help in managing an organization's security expectations.