Wednesday, February 1, 2017

Build walls up is something from the paleolithic

The  report of the week

While a new elected president are working on build a wall up to make his country "reputable again", the cibersecurity managers (CIOs) from big companies are more aware with the idea that build a wall up is something from the past. Now most of the budget is being   is to be earmarked for detention policies. Goodbye to years of focusing on prevention. It could be true that is better safe than sorry, but if half of the times that to try to prevent at the end you finish the work with a virus, it is may be that something is going wrong and we have to change it. 
A recent study by Anderson Research, shows that the trend that led to spending up to 75% of the budget on prevention technologies has changed, since the budget is targeted for detection.
It does for two reasons: First one, because it seems more effective, and the second one, because the organizations are facing a lot, and not easy challenges for having a  cibersecurity policy based in detection that is truly useful.

For example, many companies that have begun to implement these solutions have been faced with a reality, which is not unlikely to be important: The increase in logs and data to be processed, or at least 6 out of 10 respondents say so. But in addition, for almost half of the companies, another important challenge they face is the ability to judge false positives, as well as the lack of professionals to work with new tools. And it is still significant for a third of the interviewees (33.1%), the part that makes the work in this type of cybersecurity, based on the detection being hard is the lack of budget.

Even with that, CIOs are choosing these technologies because the threats do not rest. More than two-thirds (68.5%) believe that the most important motivation is the ability to quickly identify threats from the internal network, or poor configurations that could lead to a data breach; And for more than the half (55.1%) the most important factor is the efficiency by the automated correlation of attacks.

Many of these detection technologies are also "disappointing". Let's make a break to explain that this doesn't mean "disappointing technologies", but to lead to the disappointment of the attackers. Who wants to have basic notions can go to Wikipedia. The end of the break.

In fact, 6 out of 10 study participants agree that deception-based cybersecurity is one of the most logical investments in this reorientation towards detection rather than prevention.

Even 1 in 10 claim to be "very in agreement" with the incorporation of this technology. "There have been many cybersecurity breaches in the past to suggest that only prevention can protect organizations," notes the Attivo Networks CEO, Tushar Kothari.

This report is related to some other documents from this week that are also worth reading. On one side, the lack of professionals as one of the biggest problems that CISOs are encountering. On the other side, with the law of supply and demand, the growth on the salary of the field which continues to rise and above other professional specialties. Unemployed? Study something about this. There is a need for professional people here.

Imagen: Freeimages.


Post a Comment