Technological Problems, Technological Solutions

We’ve seen it countless times over the years. Someone will speak up in a meeting, saying something to the effect of “not all problems have technological solutions – just throwing more technology at it may not be the best option”. They say it because it’s self-evidently true, but also because they are often resistant to either the cost or complexity of technological solutions. It is widely accepted in the Information Security field that a comprehensive solution includes technology, but also awareness training, education and aggressive policy management.

The problem confronting the security team at this point is that we’ve mostly stopped all the attacks that we know about but at the same time we also know with certainty that we don’t know about them all. So attention has to shift from hardening the perimeter to control access to digital resources to a more preventive security posture – the fast detection of actual attacks and exploits that are not prevented, or even recognized by the existing solutions.

In the network and information security world, there is not a tremendous difference between “mostly effective” and “massive failure”. 99% secure can be worse than no security at all, because we may have a false sense of security while the attacks and exploits that get through the current set of defenses are necessarily the most advanced, and therefore the most dangerous and costly. And in this case, technology does provide the only effective approach to closing the gaps and detecting unauthorized and malicious access. More than anything else, it is a big data analysis problem, where the massive amount of network user, identity, access, event and transaction data we are already generating contains pretty much all the information we need, but requires advanced intelligence capabilities in order to tease out the subtle differences between legitimate activities and fraud, vandalism or theft.

That’s the whole point behind the Securonix security intelligence platform. It doesn’t replace the network management and security tools you already have, it makes them more effective by integrating the data you are collecting from a disparate variety of tools and applying highly intelligent behavioral and peer group analysis to all that data, collectively. This empowers security managers to detect and investigate suspicious activities before they can become the next big data breach on the five o’clock news.

The Ghost in the Machine: Tracking Stealthy Fileless Malware in the Windows...
5 Cyber Threats Facing the Financial Service Sector in 2024
What is Network Detection and Response (NDR)?
What is the MITRE ATT&CK Framework?