Every organization is working hard to possess a "strong security posture." But what does that mean? A strong security posture means you possess a healthy quantity and quality of Information Security Experts (human beings) and Information Security Tools (technology/products). Information Security Experts leverage Information Security Tools to prevent attacks before they happen, protect the organization in case an attack does happen, detect attacks that would otherwise go unnoticed, and respond accordingly.
Every security posture is built on four pillars:
1. Prevention - preparing and training before a threat/attack
2. Protection - stopping a known threat/attack
3. Detection - detecting an unknown threat/attack
4. Response - taking action towards a threat/attack
What does "Prevention" mean in Information Security? Prevention focuses on preparation, simulation, testing, and training. The goal of Prevention is to educate your employees on common attacks, so that through that training and simulation they are better prepared to handle real-life attacks. Prevention, for example, includes:
Prevention always gets a lot of attention because the idea of stopping an attack before it starts sounds awesome in theory. However, the reality is that Prevention has failed, because no amount of training can prepare an organization for an attack it never saw coming. The threat landscape is so dynamic that it is literally impossible to stay ahead of the latest attack vector. This is one of the many reasons why there is no silver bullet in Information Security.
What does "Protection" mean in Information Security? Protection focuses on stopping a known attack. The goal of Protection is exactly that: to protect you from a known threat by being able to take action before, during, or after an attack to secure the organization. There are hundreds of products and tools that claim they can block threats or stop an attack, and while some of them do work, it is often contingent upon several factors. The idea of stopping an attack is an appealing one because it makes us feel like we have control. The reality is that Protection is elusive, and there are an infinite number of ways an attacker can get through or go around a Protection tool. Furthermore, any time you start dealing with tools or products that can block network traffic, they can potentially have an impact on normal business processes. Protection, for example, includes:
If Prevention and Protection were enough to stop cyberattacks, Information Security wouldn't be the fastest growing sector in Tech, and more specifically, Detection and Response wouldn't be the fastest growing sub-sector in Information Security.
The fact is, Detection and Response have been deemed the highest priority by almost all Information Security Professionals. All of the organizations that were breached in the past had a Prevention and/or Protection tool in place, and they still fell victim to an attack. This is why most organizations have accepted the fact that they cannot prevent and protect against every attack. Their resources are better spent detecting an attack and responding accordingly, as opposed to having a false sense of confidence. Detection and Response tools are known as:
The challenge is that most organizations don't have the resources to focus on every aspect of Information Security, so they have to prioritize which pillars they would like to invest in and which ones they want to outsource. There are three ways of achieving a strong security posture.
For most organizations, leveraging a combination of in-house security practices and outsourcing the more complex and expensive practices is the perfect blend. Outsourcing can be confusing because Information Security is already a complex topic, and on top of that, for the past 15 years it has been a booming industry that has attracted a lot of well-funded organizations, each of which has spawned its own catchphrase: "SOC as a Service," "MDR (Managed Detection and Response)," "MSSP (Managed Security Service Provider)," and my new favorite, "Threat Hunting." All of these phrases essentially mean the same thing. It means you have a human being or a team of human beings who are experts in Computer Networking and Information Security, and they leverage a set of tools/technology/products to detect unknown threats to an organization and respond accordingly to ensure the organization stays secure.
Organizations that focus on Prevention and Protection in-house, and outsource Detection and Response, have the strongest security posture, with the most control and the least capital expenditure.