There's a trend underway in the information security field to shift from a prevention mentality -- in which organisations try to make the perimeter impenetrable and avoid breaches -- to a focus on rapid detection, where they can quickly identify and mitigate threats.
Some vendors are already addressing this shift, and some security executives say it's the best way to approach security in today's environment. But there are potential pitfalls with putting too much emphasis on detection if it means cutting back on prevention efforts and resources.
Clearly, rapid detection is gaining traction. Research firm IDC has designated a new category for products that can detect stealthy malware-based attacks designed for cyber-espionage ("Specialized Threat Analysis and Protection") and expects the market to grow from about $200 million worldwide in 2012 to $1.17 billion by 2017.
The thinking behind a shift in security approach is that it's impossible to keep out everything, so companies should focus on quickly detecting and mitigating threats. While it doesn't mean abandoning prevention, it suggests companies devote more resources to detection and remediation than they have in the past, with the understanding that breaches are going to happen.
"Prevention is a great strategy when it works. But unfortunately no preventative measure can be completely effective," says Timothy Ryan, managing director of the Cyber Investigations practice at Kroll Advisory Solutions, a provider of risk mitigation products and services.
"For that reason, companies cannot rely on prevention and protection alone," Ryan says. They must also rely on an information security plan that blends technology and processes to identify and respond to compromises quickly. The right tools and processes often reduce the time and cost of an investigation, he says.
"Rapid detection and efficient, effective response is the new prevention," says David Scholtz, CEO of Damballa, a security technology provider. "The mindshift here is what's being prevented. We can no longer prevent our networks and systems from becoming infected, but we can prevent those infections from growing and evolving to become damaging breaches."
Organizations can do this by discovering threats that successfully bypass layers of prevention and cutting them down before they do damage, Scholtz says. "Today, you can continue to add prevention-based solutions to an already fortified yet disappearing perimeter, but it's the small percentage of threats that get through that then equate to 100% of your risk," he says.
Cyber criminals are using more sophisticated methods to evade detection, Scholtz says. "They are leveraging these methods precisely because they can easily switch attack vector, or slightly tweak their malware, and instantly they're again undetectable by traditional prevention methods," he says.
It doesn't matter if an intruder is a trusted insider or a meticulous attacker who has engineered a way in through persistent and crafty means, says Vincent Berk, CEO of FlowTraq, a network security provider. "The bottom line is that hackers are already in your network," he says. "Once businesses reach this realization, they will automatically start shifting their defensive philosophy from perimeter defense to defense-in-depth."
Sign up for CIO Asia eNewsletters.