Page 19 - CDM Cyber Warnings February 2014




Advanced threats are here to stay, as evidenced by
continued attacks on high-profile organizations. The
goal in computer security has traditionally been to plug
the holes that bad guys use to break in – a preventative
approach that starts with penetration tests and ends with
patch installation and intrusion prevention systems.
Engaging the incident response team has typically been
the last resort when all else fails. In today’s era of insider
threats and APTs, this approach has to change.

“As security breaches continue to plague companies, a cyber
security incident response team is needed now more than ever”

According to Dr. Larry Ponemon of the Ponemon
Institute, “As security breaches continue to plague
companies, a cyber security incident response team
(CSIRT) is needed now more than ever. However,
according to a recent survey conducted by the Ponemon
Institute, most respondents say that less than 10 percent
of their security budget is used for incident response.
At the same time, 81 percent believe that if the right
investments in people, process and technologies were
in place for incident response, their organizations would
be better able to mitigate all future security breaches.”


Thinking Beyond the Perimeter
Preventative security technologies and best practices are
no longer enough to keep persistent attackers out of the
corporate network. If attackers are exploiting
undisclosed vulnerabilities, or logging right into
the network using stolen user credentials, then no
amount of vulnerability patching or exploit detection will
work. Security professionals have spent years fortifying
the walls of their networks, but they aren’t paying enough
attention to what happens after intruders get in.

The first step to getting on top of what is happening
inside your perimeter is to gain visibility into the internal
network. Technologies such as firewalls, antivirus,
IDP/IPS and SIEM all have a role to play in combating
network threats, but they miss the mark when it comes
to network visibility, leaving a wide open gap in
enterprise security strategies. This gap is evident to
external attackers who know that once they have gotten
past perimeter defenses, they can wreak havoc on the
internal network without fear of being detected.

The gap is also evident to malicious insiders, who already
have access to sensitive information and have no reason
to fear being discovered. And lastly, this gap has become



CYBER DEFENSE MAGAZINE - ANNUAL EDITION 19