On prevention vs. detection, Gartner says to rebalance purchasing.
In this post Eric B. Parizo, Executive Editor for TechTarget’s Security Media Group, makes clear that the effectiveness of traditional, signature-based protective technologies like intrusion detection and prevention or antimalware will significantly decrease in future.
Gartner’s Adaptive Security Architecture (ASA) is a new approach for defense against targeted attacks. ASA is a re-active defense strategy based on continuous monitoring and analytics, and should be complemented by traditional, signature based pro-active technologies.
Ths ASA approach has one small(?) weakness: In the time between an attack, its first recognition and the implementation of protection measures we are left defenseless! This time shut be kept as small as possible to prevent greater damage.
In my opinion, there is a third, recommendable way: Micro-Virtualization
Micro-Virtualization is a new approach for defense against, not only targeted, attacks that irons out the weaknesses of the ASA approach. An e-mail client or an internet browser session is completely isolated from other tasks and the operating system. Only those data required for successful execution of the task (Need-to-Know principle) are loaded into the isolation container.
In the case of an attack only the data inside the isolation container is affected and on session end the malicious code is destroyed with the isolation container. This feature makes Micro-Virtualization a perfect complement for ASA and the traditional signature-based approach.
For more details about Micro-Virtualization please see www.bromium.com.