First, there is the approach that encourages you to buy more and more products. For every type of issue you may have, you should buy a new point solution addressing only that particular segment's need. Three different firewalls, IPS, sandboxing tools, anti-bot, anti-spam… the list goes on and on. This is not the right approach. Hardly any company can manage all these solutions, not only because of their high cost and the overhead required to operate them, but also because there will be security gaps between the products, and security indicators will not be shared among them.
Second, there is the approach that emphasizes detection – finding the many types of malware on your network and then trying to figure out how to act upon them. While in our physical world it might work – we can figure out how to act quickly – in cyberspace it doesn’t. Malware moves at the speed of light, and it can take days, weeks, and in most cases months (the industry average is several months) to remedy the problem.
This leads some people to move to the third option – focusing on remediation. It accepts that attacks will happen, reasoning that if you will be breached anyway, you might as well focus on remediating the damage. Once again, this doesn’t work, because as soon as the attacks breach your networks, the damage is already done, and remediation can be a long, costly process. A recent survey I’ve seen reported an average cost of $680,000 per incident. That is insane.
The last approach, and the one I believe is the most effective, focuses on prevention and presents a well-architected and consolidated approach to cyber security. It looks at the entire organization and focuses on creating a single architecture that covers all environments and is managed by a unified platform. It keeps every entry point to the organization secured all the time, be it the traditional network, the data center, mobile devices or the cloud server. In this approach, attack indicators are shared among all environments. Several technologies are synchronized to provide multiple layers of protection, and all entry points are protected with no security gaps between them. This approach also requires delivering actionable threat intelligence between every device, network, branch office and endpoint, so that even if one environment is targeted, all the others are able to identify the same threat and block it.