January 20, 2012
In an InformationWeek article by Matthew J. Schwartz called “10 Security Trends To Watch In 2012”, Schwartz puts “Breaches now inevitable, say businesses” as number 1. Number 1! Finally the message seems to be permeating the years of flat earth thinking in the IT industry and the broader market!
Quoting Schwartz: “The new mandate, then, is not just to maintain killer defenses, but also to have the right technology and practices in place to quickly detect when the business has been breached, and then to block the attack and ideally identify how the breach occurred and what might have been stolen.”
This is the exact concept behind what Triumfant calls Rapid Detection and Response: understanding that shields are not, and will never be, 100% effective, and that your organization will get breached. It is, as Schwartz says, inevitable. Therefore, Rapid Detection and Response is about detecting attacks that infiltrate machines as close to the moment of infiltration as possible, providing the analysis to make an informed response, and stopping the attack and repairing the infiltrated machine. It is about understanding that this is not a DoD or NSA problem about detecting the Advanced Persistent Threat but the very hard reality that targeted attacks are getting through your shields.
What remains to be seen is how quickly this grasp of the inevitable will be followed by action. The problem with the inevitable is that it does not wait for us to grasp it – it is happening all around us regardless.
(BTW, some of you Matrix fans may be surprised by my choice of picture. I searched relentlessly and could not find a single picture of the exact moment when Agent Smith delivers his “sound of inevitability” line. I was disappointed. The Internet, it seems, is not yet 100% – much like the shields people trust too much to protect their endpoints and servers.)