Network Security

How Do You Define Prevention?

In discussions about cybersecurity, a word that gets used a lot is “prevention.” How do you prevent cyberattacks before they succeed? Will the cybersecurity measures currently in place prevent losses from a cyberattack? Which parts of an attacker’s playbook does prevention actually stop? These are important questions that security teams continue to struggle with, because security vendors of all stripes have for years been promising that their particular approach will prevent cyberattacks.

But cyberattacks continue to plague organizations, and the number of successful breaches is rising. According to the New York State Attorney General’s office, breach notifications issued so far in 2016 are already 40 percent higher than they were at the same point in 2015. So if the security marketplace is full of solutions that are supposed to “prevent” cyberattacks, why are so many attacks still succeeding?

In my opinion, it’s a question of evolution. Cybersecurity requires constant change on the defensive side, as novel malware, attack techniques and vulnerabilities keep trying to evade ever-advancing security controls. This back-and-forth has played out for years, but the number, scale and sophistication of attacks have accelerated in the past four years. Compounding the issue, many legacy cybersecurity technologies still in use were originally created to stop yesterday’s attack methods and are incapable of finding and stopping what is seen in the real world today. In a recent survey on cybersecurity prevention conducted by the SANS Institute, 85 percent of respondents had implemented technical measures to block known malware, yet fewer than 40 percent considered those measures actually preventive.

Furthermore, most legacy cybersecurity solutions were developed to address one specific security issue. As new threats arose, vendors created and marketed yet another single-point solution for each one, leaving most customers with an ad hoc collection of security devices from multiple vendors, each working independently of the others to identify and stop inbound cyberattacks. This approach leaves gaps in an organization’s security posture that adversaries can take advantage of, and it requires more resources to orchestrate the different, competing technologies.

So if legacy cybersecurity technologies aren’t actually preventing cyberattacks, why do we keep describing such solutions as “preventive”? It’s time to adopt a new definition for the word “prevention” when it comes to cybersecurity.

New, or next-generation, prevention should stop trying to stay on top of a constantly changing pool of malicious tools and instead focus on the underlying techniques threat actors employ, so that blocking a single technique can stop an entire class of attacks. While malware and other tools grow in number daily, the methods attackers use to deliver them (spear phishing or stolen legitimate credentials, for example) have changed far less. In light of this, wouldn’t it be more efficient to stop the delivery methods rather than chase the individual threats?
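To make that distinction concrete, here is an added example written for this edit; it is not code from the article or from any vendor product. It contrasts an indicator blocklist, which matches a file hash, with rules that match the delivery technique: an executable or double-extension attachment, or an Office document carrying a VBA project. The messages, attachments and blocklist are constructed inline, and the rules are simplified illustrations rather than a complete email-security policy.

```python
"""Added example (not from the article): blocking an indicator versus blocking a
delivery technique. Every message, attachment and blocklist entry below is
constructed for illustration; the rules are deliberately simplified."""
import hashlib
import io
import re
import zipfile
from dataclasses import dataclass


@dataclass
class Message:
    """One inbound email (constructed sample, not captured traffic)."""
    sender: str
    subject: str
    attachments: dict  # filename -> raw bytes


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# --- Indicator-based prevention: match the tool -------------------------------
def indicator_hits(msg: Message, blocklist: set) -> list:
    """Names of attachments whose hash is already on the blocklist."""
    return [name for name, data in msg.attachments.items()
            if sha256(data) in blocklist]


# --- Technique-based prevention: match the delivery method --------------------
EXECUTABLE_EXTS = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk")
# "invoice.pdf.exe": a document-looking name hiding an executable extension.
DOUBLE_EXTENSION = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.[a-z0-9]{2,4}$", re.I)


def has_vba_project(data: bytes) -> bool:
    """OOXML files are zip archives; a macro-enabled one contains vbaProject.bin."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def technique_hits(msg: Message) -> list:
    """Delivery techniques observed, regardless of the payload's exact bytes."""
    reasons = []
    for name, data in msg.attachments.items():
        lower = name.lower()
        if lower.endswith(EXECUTABLE_EXTS):
            reasons.append(f"{name}: executable attachment")
        if DOUBLE_EXTENSION.search(lower):
            reasons.append(f"{name}: double-extension masquerade")
        if has_vba_project(data):
            reasons.append(f"{name}: macro-enabled Office document")
    return reasons


# --- Constructed samples ------------------------------------------------------
def build_office_doc(with_macro: bool, variant: str = "") -> bytes:
    """Minimal OOXML-style zip; 'variant' changes the bytes (and hash) only."""
    stamp = (2016, 1, 1, 0, 0, 0)  # fixed timestamp keeps the bytes deterministic
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in [("[Content_Types].xml", "<Types/>"),
                           ("word/document.xml", "<w:document/>" + variant)]:
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), body)
        if with_macro:
            zf.writestr(zipfile.ZipInfo("word/vbaProject.bin", date_time=stamp),
                        b"\x00" * 64 + variant.encode())
    return buf.getvalue()


def compare(variant: str = "rebuilt") -> dict:
    """For each sample: (blocked by indicator?, blocked by technique?)."""
    known = Message("hr@example.test", "Updated policy",
                    {"policy.docm": build_office_doc(True)})
    blocklist = {sha256(known.attachments["policy.docm"])}  # the "known malware"
    rebuilt = Message("hr@example.test", "Updated policy",
                      {"policy.docm": build_office_doc(True, variant)})
    dropper = Message("billing@example.test", "Invoice 4471",
                      {"invoice.pdf.exe": b"MZ" + b"\x90" * 32})
    clean = Message("hr@example.test", "Holiday calendar",
                    {"calendar.docx": build_office_doc(False)})
    samples = {"known": known, "rebuilt": rebuilt, "dropper": dropper, "clean": clean}
    return {k: (bool(indicator_hits(m, blocklist)), bool(technique_hits(m)))
            for k, m in samples.items()}


if __name__ == "__main__":
    for name, (by_hash, by_technique) in compare().items():
        print(f"{name:8s} hash-blocked={by_hash!s:5s} technique-blocked={by_technique}")
```

Rebuilding the macro document with a few changed bytes defeats the hash blocklist but not the technique rule, and the executable hiding behind a .pdf name is caught without any prior sample at all. The clean .docx without a vbaProject.bin passes both checks, which is the false-positive test a practitioner would want before enforcing such a rule.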

Next-generation prevention should also be automated. As mentioned above, the number of cyberattacks is increasing daily, so much so that many security teams cannot keep up with the alerts their legacy solutions raise about potential breaches. Even more frustrating, these alerts typically carry little context about the malware infection: How serious is it? What is it trying to do? Is the malware designed to target a specific industry? Without that information, it’s difficult to determine how significant an attack is and how much attention it warrants from the security team. When automation is properly applied, attacks can be identified and prevented by the system without human intervention, and systems can contribute to collective immunity by sharing intelligence about newly discovered threats, at machine scale, with every user. With prevention automated, limited human resources can be applied to analyzing the truly targeted attacks.

Given the history of applying prevention in the real world, visibility and analytics into effectiveness are critical areas of focus. Increasingly, executive leaders, often up to the board of directors, are asking for updates on the security posture of an organization. This includes reporting on weaknesses, trending threats, and where to focus in the future, as well as providing a view into how the organization’s investments in security technology have (or have not) paid off. When considering a next-generation cybersecurity approach, proving how it has prevented threats can go a long way to securing additional funding in the future.
