If there's been any lesson learned in the past decade, it's that despite tens of billions having been spent on anti-malware, firewalls, intrusion-detection and prevention systems, and other defensive technologies -- it's just not realistic for enterprise security teams to expect to be able to stop every attack.
Yet, surprisingly, enterprises focus their efforts and their budgets as if they can do precisely that. Martin Roesch, founder and CTO of Sourcefire (recently acquired by Cisco), says a recent analysis by the IT security firm found that enterprises often spend as little as 10% of their security budget on incident response and about 30% on detection; the rest goes to prevention.
While preventing successful attack attempts from becoming breaches is the ideal, there needs to be more of a focus on an organization's ability to identify breaches -- especially advanced malware -- as an attack is underway. "What we have been saying is organizations have to be able to deal with malware before [prevention], during, and after an attack," says Roesch.
The ability to spot malware in progress is a crucial part of maintaining the operational integrity of one's environment, says Roesch. "If you can't maintain integrity then you're not really performing security. You may think your organization is secure. You may be able to get certified and be deemed compliant with regulations, but realistically you're not secure," says Roesch.
That observation matches the anecdotal evidence: many organizations have been breached while they were compliant with government or industry security regulations such as PCI DSS. Also, according to the 2013 Verizon Data Breach Investigations Report, 66 percent of breaches in the past year took at least months, if not years, to be identified. That 66 percent figure is up from 55 percent in 2011 and 41 percent in 2010.
Dan Polly, IT security officer at First Financial Bank, knows the steep hurdles defenders face when it comes to keeping systems secure. "It's interesting to look at malware over the last several years, and how very humbling it is when one considers the small amount of resources attackers must put into place to reach their objectives, against the rather sizable amount of resources defenders must have in place. It's an incredibly asymmetrical situation," Polly says.
More business leaders and security managers are coming to that realization, says Michael Viscuso, CEO at breach detection and incident response startup Carbon Black. That's especially so after they've been breached. "Customers are coming to the realization that it's going to happen again. This inevitability of breach mindset hit the defense contractors a few years ago. Now it's hitting the general commercial market," says Viscuso.