Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Management & Strategy

Panel: “Security is not a ‘Thing’ – it’s a Goal that Requires a Layered Approach”

Security is not a “thing” – it’s a goal and a business enabler that, to be done well, requires a layered approach based on an understanding of risk and an organization’s IT environment.

Security is not a “thing” – it’s a goal and a business enabler that, to be done well, requires a layered approach based on an understanding of risk and an organization’s IT environment.

This was one of the main takeaways from an Oct. 6 panel discussion on cyber-security hosted by Kaspersky Lab in New York, where security experts laid out the challenges facing businesses and governments as attackers continue to evolve. One of those challenges is a basic level of situational awareness – something many IT shops don’t have, said Steve Adegbite, director of cyber innovations at Lockheed Martin. For example, organizations need to be able to identify if an employee is logging in at an unusual hour, or from a suspicious location.

Panel Discussion: Peter Firstbrook, Gary McGraw, Eugene Kaspersky“We have to advance technology, but we have to layer the people, process and what we call looking at the sequence of events,” he said. “There are key events that every attacker needs to go through in order to be successful. If you can layer your defenses along with your advance technology on that and basically disrupt the key events that they have to go through, you can find a lot of attacks, and that’s what we’re seeing inside our environment.”

Adegbite was joined on the panel by Gartner analyst Peter Firstbrook, Cigital Chief Technology Officer Gary McGraw, and Eugene Kaspersky, CEO of Kaspersky Lab. Though security has traditionally been layered on afterwards, security professionals are now realizing they can be a business enabler, Adegbite said, and at Lockheed, security pros are being brought in earlier as the company starts building products.

Still, while discussing Stuxnet, McGraw noted that security is still viewed by many as a “thing.”

“We all know that security is a property, and not a thing,” he said. “It’s a goal and a process.”

While the industry is improving is some respects, the government is way behind – making their role in battling cyber-threats problematic.

“If we rely on the government to regulate this stuff, we’re first going to have to teach them what that means, because they frankly just don’t know,” he said.

Advertisement. Scroll to continue reading.

Kaspersky said stronger regulation has a role to play in improving security, though it still needs to be in conjunction with improvements in technology. “(The) good news is that governments already understand that,” he said. “Finally, after the Estonia incident, Stuxnet, other incidents related to security, governments…want to do something. But they don’t know what to do.”

But if statistics on malware infections are any indications, businesses do not know what to do either much of the time.

“I am from an IT security company,” Kaspersky said. “I must think about threats. If you are from business or government, you better think about risk. But our job is to explain your threats to let you manage the risk.”

If businesses develop a myopic focus on threats as opposed to risk, it can actually make security efforts less efficient, Adegbite said.

“You’re not going to stop a hundred percent of the threats or the attacks,” he said. “But you need to stop the ones that are going to critically impact the percentage (of assets) that you need to do your business.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.