Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

When Panic Leads to Poor Decisions

We’ve all been there before. Something unforeseen happens that triggers a panic response. More often than not we look back at that response and wish we could have done things differently.

We’ve all been there before. Something unforeseen happens that triggers a panic response. More often than not we look back at that response and wish we could have done things differently.

What we’ve all learned along the way is that panic triggers a response that often leads to potentially catastrophic mistakes. Those mistakes come as we grasp for short-term fixes that give us a stronger sense of control, but don’t take long term consequences into account.

On October 14th, Microsoft’s “Patch Tuesday” took on a new sense of urgency as we learned of three new vulnerabilities that were actively being exploited in targeted attack campaigns. Microsoft released 24 patches in total. Oracle also released patches for 154 new vulnerabilities that were discovered. Adobe issued security updates for Flash and ColdFusion. For many this triggered an immediate response to begin the tedious process of upgrading security patches and signatures. Some simply don’t have the resources and will get to the upgrades as soon as they possibly can.

IT Security PrioritiesAssuming you weren’t one of the unlucky attack targets, the upgrades should resolve any concerns…this time around. But how many security alerts are you dealing with on a weekly, monthly basis?

For many, patch management has become a sore topic as it’s virtually impossible to stay on top of. But security efficacy takes on many shapes and sizes across the organization and despite it’s pain, patching remains a crucial process in any security operation. Or does it?

If you examine the recent exploits that utilized either an unknown zero-day based vulnerability or a vulnerability that was known but had not yet been patched, you’ll see these exploits share a common set of traits. In order to execute they must follow a very well defined and finite set of exploit techniques in order to compromise the system. In fact at latest count there are only 24 techniques at an attacker’s disposal. And in most cases attackers have to employ three to four of these techniques in succession to exploit a system.

So conventional wisdom says, ‘“If I can figure out a way to disrupt or prevent just one of those steps from being used, the attack itself could be blocked.” And a couple innovative companies are now bringing this approach to market not only for exploits but also malware-driven attacks.

Advertisement. Scroll to continue reading.

With the news of a fresh round of breaches at Dairy Queen and Kmart, on top of a busy week of security patches, many organizations are falling into the dangerous path of making potentially catastrophic strategy shifts. Partly due to coercion by an industry that’s pushing a very clear agenda around detection and remediation. Backed by alarming statistics of attack dwell times, increasing costs of breaches, they’re creating a picture that prevention is futile and that organizations should shift resources to a new fall back position. Ridiculous!

I’m certainly not going to stand here and say detection isn’t important. But shifting valuable resources away from prevention so that you can more quickly detect and remediate the attack that’s most likely already achieved its objectives is an ill-conceived response that will ultimately lead to catastrophic results.

Prevention isn’t futile; remediation is. Because those companies who come in and charge $20,000 a day over an average of 31 days to clean up and remediate your systems do nothing to get back what was stolen. There’s no Navy Seal team who infiltrates the Russian organized crime team to re-take your stolen credit cards, medical records, or design documents. That’s remediation. Hold your line. Know that prevention isn’t futile.

Take this opportunity to rethink about your overall security architecture. Are you utilizing the next-generation security platforms that now exist? Ones that combine network, cloud and endpoint security. The technology exists to truly prevent these attacks from ever achieving their objectives.

Step back; don’t panic. Take the time to architect a top down approach that reduces your attack surface by safely enabling your applications, users and devices. Implement automation to protect against both known and unknown threats, eliminating the ‘man-in-the-middle’. The capability exists; it’s just a matter of taking a breath and collecting the courage to drive real change across your organization.

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.