Every day there’s news of another major cyber breach. Welcome to the age of the continuous compromise. This is the new normal and you need to get used to it.
Yahoo, Target, Sony, RSA, eBay, Anthem, US Military, Heartland, Dropbox, JPMorgan Chase, Home Depot, LinkedIn, Adobe, the NSA, and thousands of others. They spent tens of millions of dollars on their cyber security programs. They had armies of experts, amazing SOCs, next generation sandboxes, firewalls, SIEMs, EDRs. You name it, they had it.
Source: Gartner (February 2014)
But when it mattered . . . They. Just. Didn’t. Know.
They were breached. Badly. All of them.
How could this be? Because they were focusing on the wrong things and ignoring the value of a validated architecture. All organizations should now assume that they are in a state of continuous compromise. However, organizations have deluded themselves into believing that 100% prevention is possible, and they have become overly reliant on blocking-based and signature-based mechanisms for protection. As a result, most enterprises have limited capabilities to detect and respond to breaches.
The truth is that improved prevention, detection, response and prediction capabilities are all needed to deal with all types of attacks, "advanced" or not. And these should never be viewed as siloed capabilities. If they don’t work intelligently together as an integrated and adaptive system, complete protection from advanced threats will remain elusive.