Connect with us

Hi, what are you looking for?


Incident Response

“Security Before, During and After the Threat” – Watchwords for Today

“An ounce of prevention is worth a pound of cure.” Coined by Benjamin Franklin back in 1736, and applicable to so many aspects of life and business, the phrase even served the IT security industry well for the first quarter of a century. But today this phrase no longer rings true.

“An ounce of prevention is worth a pound of cure.” Coined by Benjamin Franklin back in 1736, and applicable to so many aspects of life and business, the phrase even served the IT security industry well for the first quarter of a century. But today this phrase no longer rings true.

As our protection methods get better and better and security effectiveness levels reach new heights, the bad guys are digging deep and using advanced malware, targeted attacks and new attack vectors to try to circumvent existing protection methods. These attacks are so stealthy that many security professionals struggle to determine if they even have an advanced malware problem. These malicious threats hone in on their victims, disguise themselves to evade defenses, can hide for extensive periods and then launch their attacks at any time. Given this new level of sophistication, malware outbreaks are inevitable.

Malware Attack StagesOnce you do identify malware on your network, there remain a lot of unknowns, for example: How did the malware get in? How extensive is the outbreak? How does the malware behave? What is needed to recover? How can the outbreak be stopped?

To answer these questions and mitigate the impact of a breach, you need defenses that address the full attack continuum – before it begins, during the time it is in progress and even after it begins to damage systems. Let’s take a closer look at some of the best practices in each of these phases and how layers of security infrastructure at each phase must work together for better protection.

Before an attack: It’s pretty simple. You can’t protect what you can’t see. Or, put another way, you need to know what’s on your network in order to defend it – devices, operating systems, services, applications, users, content and potential vulnerabilities. Being able to establish a baseline of information is a critical first step in defending your organization from attack. Implementing access control over applications and users is also important in this phase. Minimizing the attack surface through intelligent and granular controls reduces your organization’s vulnerability to attackers taking advantage of today’s many attack vectors to glean information and penetrate networks. But this alone is no longer enough.

During an attack: To combat today’s increasingly sophisticated malware, you need the best threat detection possible. To help assess security effectiveness and performance levels, third-party tests of IT security solutions in real-world environments can help you separate hype from reality. Once you can detect a file as malware you can block it. And because malware changes so quickly, having the ability to learn and update detection information based on evolving threat intelligence is critical to maintaining security effectiveness. Still, given the nature of malware today, the best threat detection alone isn’t sufficient to protect your environment.

After an attack: Once advanced malware enters your network it’s safe to assume it will attempt to infect other systems. At this point, marginalizing the impact of an attack becomes the end game. You need to take a proactive stance to understand the scope of the damage, contain the event, remediate it and bring operations back to normal. Technologies that provide continuous analysis so that you can take informed protection measures, and even retroactively quarantine files that may have passed through unnoticed but are now identified as malicious, can help you stem the damage and remediate.

Franklin’s words of wisdom put us on the right path. But when it comes to the challenge of defending our networks today, “security – before, during and after the threat” are more suitable watchwords.

Advertisement. Scroll to continue reading.

Written By

Marc Solomon is Chief Marketing Officer at ThreatQuotient. He has a strong track record driving growth and building teams for fast growing security companies, resulting in several successful liquidity events. Prior to ThreatQuotient he served as VP of Security Marketing for Cisco following its $2.7 billion acquisition of Sourcefire. While at Sourcefire, Marc served as CMO and SVP of Products. He has also held leadership positions at Fiberlink MaaS360 (acquired by IBM), McAfee (acquired by Intel), Everdream (acquired by Dell), Deloitte Consulting and HP. Marc also serves as an Advisor to a number of technology companies, including Valtix.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.