Does security work always seem like an endless task? For every issue resolved, there seems to be a new issue waiting to take its place. As a result, I have repeatedly asked myself the same question: "Is it really possible to prevent breaches, or would it be more effective to mitigate the damage done by breaches?"
Why Prevention Methodology Still Provides Value
I continue to have a passion for breach prevention: when you stop an attack before it causes comprehensive damage, there is nothing better. Firewalls, software updates, strong passcodes and two-factor authentication all help to lessen the risk of breaches. However, the reality is that attackers only need to take advantage of one small mistake made by us. Can anybody be perfect all of the time? I know that I am not perfect either.
Where Prevention Methodology Succeeds and Fails
I have witnessed numerous corporations invest millions of dollars into digital security tools and still end up being hacked. Why does this happen?
- New cyber threats develop faster than solutions are created
- Users make mistakes, e.g. clicking on a hyperlink that leads to malware
- Massive multi-component systems are too complex to secure in their entirety
Breach Containment: Accepting Reality
Containment is founded on a fundamental principle: breaches are inevitable. Once I accepted this principle, the anxiety of security work diminished. Instead of panicking, the focus shifted to damage control.
How quickly can we detect the attack? What steps can be taken to isolate it and prevent further spread? How long will it take to bring systems back online? These are just a few of the 'smart questions' that containment asks.
Tools That Help Containment
Examples of tools that I have found to provide excellent support for containment include:
- Threat detection.
- Network segmentation.
- Backup storage (offsite) and unique access.
- Comprehensive documentation of investigation and response.
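To make the list above concrete, here is an added example (not code from the original post) that strings three of those tools into one small containment workflow: threat detection over authentication logs, a network segmentation step, and a documented timeline of what was found and done. The log lines, host name and source addresses are constructed for the example; the log format assumed is syslog-style sshd output, and the isolation step is rendered as assumed iptables commands returned as strings, so nothing is executed and the script runs offline.

```python
"""Added example: a minimal containment workflow combining threat
detection, network segmentation and response documentation.
All sample data below is constructed; no firewall command is run."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed sshd log lines: a burst of failures followed by a success
# from the same source, then an unrelated legitimate login.
SAMPLE_LOG = """\
Mar 10 09:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar 10 09:00:02 web01 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
Mar 10 09:00:03 web01 sshd[1203]: Failed password for admin from 203.0.113.7 port 51002 ssh2
Mar 10 09:00:04 web01 sshd[1204]: Failed password for admin from 203.0.113.7 port 51003 ssh2
Mar 10 09:00:05 web01 sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar 10 09:00:06 web01 sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar 10 09:05:00 web01 sshd[1300]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
"""

# Assumed syslog-style sshd line layout (timestamp host sshd[pid]: result ... for user from src).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(log_text, year=2024):
    """Turn raw log lines into event dicts; syslog lines carry no year, so one is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect(events, threshold=5, window=timedelta(minutes=1)):
    """Threat detection: flag a source whose successful login follows at least
    `threshold` failures against the same host within `window`."""
    failures = defaultdict(list)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["src"])
        if ev["result"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({"host": ev["host"], "src": ev["src"], "user": ev["user"],
                           "ts": ev["ts"], "failures": len(recent)})
    return alerts


def isolation_rules(alert):
    """Network segmentation: the rules an operator would apply to cut the
    flagged source off from the affected host. Returned as strings only
    (assumed iptables syntax); this example never executes them."""
    return [
        f"iptables -I INPUT -s {alert['src']} -j DROP",
        f"iptables -I OUTPUT -d {alert['src']} -j DROP",
    ]


def timeline_entry(alert, actions):
    """Response documentation: one record for the incident timeline."""
    return {
        "detected_at": alert["ts"].isoformat(),
        "host": alert["host"],
        "summary": (f"{alert['failures']} failed logins then success as "
                    f"{alert['user']} from {alert['src']}"),
        "actions": actions,
    }


def contain(log_text):
    """Run detection over the log and build the containment records."""
    records = []
    for alert in detect(parse(log_text)):
        records.append(timeline_entry(alert, isolation_rules(alert)))
    return records


if __name__ == "__main__":
    for rec in contain(SAMPLE_LOG):
        print(rec)
```

The point of the structure is that each of the three containment questions from the section above maps to a function: `detect` answers "how quickly can we detect it", `isolation_rules` answers "how do we isolate it", and `timeline_entry` keeps the record that the investigation and restoration later depend on.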