Is ‘Assume you have been breached’ really the best Cybersecurity Strategy?

19 March 2016

I watched webinar ‘The Best Cybersecurity Strategy: Assume You Have Been Breached’ this week. The summary in the email invitation sounded really interesting, thus I registered, and had to compromise the integrity of my computer once again. Why on earth presents SC Magazine all content in this security nightmare Flash Player?

Young-Sae Song, Vice President Marketing, Arctic Wolf, quotes the Gartner advice ‘Shift Cybersecurity Investment to Detection and Response’ of January this year:

Experts recommend more focus on detecttion

Experts recommend to shift focus on detection and response

Is this advice meant seriously? I don’t think so. The Ponemon Institute estimated in the ‘2015 Cost of Data Breach Study: Global Analysis’ the mean time to identify at 206 days with a range of 20 to 582 days (based on a sample of 350 companies). And this, despite the increasing number of SIEM installations in the past years.

CISOs are well advised to make sure, that the existing cyber defense measures, including their SIEM system, work effectively before they follow this advice.

A ray of hope is Invincea’s Advanced Attack Challenge Simulator. The simulator allows to test the effectiveness of defensive measures against a variety of adversaries. For more details, please see Anup Ghosh’s post ‘Take the Advanced Attack Challenge’. I tried to cut the number of possible defense measures as far as possible. The results are really interesting. Of course only in the context of this model?

Have a good weekend, and good luck with the simulation.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s