PODCAST: Why companies should ‘stop fearing the breach’ — and deal with ‘continuous compromises’

By Byron V. Acohido

Guidance Software is among the longest-established vendors in the cybersecurity sector. The Pasadena, California-based company got its start in 1997 by pioneering digital forensics software for law enforcement agencies seeking to extract evidence from computer hard drives—evidence that would stand up in court.

Today that core competency remains at the heart of products and services Guidance supplies to government, law enforcement and corporate customers in the United States, Europe, Africa and the Middle East. I recently had a chance to chat with Guidance Software CEO Patrick Dennis at Enfuse 2017, the company’s annual cybersecurity conference held at Caesars Palace in Las Vegas. A few takeaways:

Stop fearing the breach. Dennis issued this call to arms to open Enfuse 2017. His point was that the tendency to hyperfocus on perimeter defense is wrong-headed. Better to acknowledge that, in today’s environment, network compromises are continuous. The de facto daily struggle, for most organizations, is mainly about mitigating a variety of insider, external and asymmetric threats, he says, not to mention improper use of technology by company employees. Legacy detection and prevention systems aren’t stopping these threats consistently enough, he argues.

“Security executives fear this idea that there is going to be a big breach, and that fear produces unintended consequences,” Dennis says. “You end up building higher walls and deeper prevention systems. But continuous compromise is the way businesses operate today. So you also need the ability to rapidly detect and respond to those things day in and day out.”

Spending shift. A good benchmark is that companies spend 10 percent of their operating budget on IT and then 10 percent of the IT budget, in turn, gets spent on network security. Of the portion that gets spent on security, the skew traditionally has been toward detection and prevention systems. Dennis argues that many organizations would be better protected if they would shift some of that spending to breach response technologies.

Acohido and Dennis

“The first question to ask is how mature is our prevention capability, and how mature is our response capability?” he says. “You should have some level of both, not one or the other. Then you can make some decisions about how to shift spending, and how you begin to build, frankly, a more robust operation.”

Worsening landscape. With reliance on cloud computing services deepening and the Internet of Things on the verge of mushrooming, there are more opportunities than ever for network intruders with malicious intent to exploit. Meanwhile, the risk of getting caught, much less prosecuted, is comparatively minuscule.

“The Internet of Things by 2020 will be somewhere in the order of magnitude of 20 billion devices, and that’s going to radically increase our attack surface area,” Dennis says.

“And the release of nation-state grade malware into the public domain is not going to work in our favor.

“If you rob a bank, you take a risk, and there is a consequence for making that attempt,” he says. “But there aren’t very many cyber criminals today that wind up in jail. The consequences aren’t so high with cyber crime because we don’t have policies and infrastructure built yet to prosecute these crimes.”

Dennis says wider use of forensics tools capable of gathering courtroom-quality evidence while responding to breaches could have a halo effect, beyond hardening corporate networks.

“We believe that we need to gather evidence for cyber crimes in the same way that we’ve been gathering evidence to support the prosecution of physical crimes for almost 20 years now,” he says. “That’s the underpinning of the rule of law; chain of custody, high-quality evidence brought into a courtroom for someone to be proven guilty or innocent. We need to bring that same thinking and methodology to cyber crime.”

To hear more, please listen to the accompanying podcast.

This article originally appeared on ThirdCertainty.com
