Connect with us

Hi, what are you looking for?


Network Security

When Panic Leads to Poor Decisions

We’ve all been there before. Something unforeseen happens that triggers a panic response. More often than not we look back at that response and wish we could have done things differently.

We’ve all been there before. Something unforeseen happens that triggers a panic response. More often than not we look back at that response and wish we could have done things differently.

What we’ve all learned along the way is that panic triggers a response that often leads to potentially catastrophic mistakes. Those mistakes come as we grasp for short-term fixes that give us a stronger sense of control, but don’t take long term consequences into account.

On October 14th, Microsoft’s “Patch Tuesday” took on a new sense of urgency as we learned of three new vulnerabilities that were actively being exploited in targeted attack campaigns. Microsoft released 24 patches in total. Oracle also released patches for 154 new vulnerabilities that were discovered. Adobe issued security updates for Flash and ColdFusion. For many this triggered an immediate response to begin the tedious process of upgrading security patches and signatures. Some simply don’t have the resources and will get to the upgrades as soon as they possibly can.

IT Security PrioritiesAssuming you weren’t one of the unlucky attack targets, the upgrades should resolve any concerns…this time around. But how many security alerts are you dealing with on a weekly, monthly basis?

For many, patch management has become a sore topic as it’s virtually impossible to stay on top of. But security efficacy takes on many shapes and sizes across the organization and despite it’s pain, patching remains a crucial process in any security operation. Or does it?

If you examine the recent exploits that utilized either an unknown zero-day based vulnerability or a vulnerability that was known but had not yet been patched, you’ll see these exploits share a common set of traits. In order to execute they must follow a very well defined and finite set of exploit techniques in order to compromise the system. In fact at latest count there are only 24 techniques at an attacker’s disposal. And in most cases attackers have to employ three to four of these techniques in succession to exploit a system.

So conventional wisdom says, ‘“If I can figure out a way to disrupt or prevent just one of those steps from being used, the attack itself could be blocked.” And a couple innovative companies are now bringing this approach to market not only for exploits but also malware-driven attacks.

With the news of a fresh round of breaches at Dairy Queen and Kmart, on top of a busy week of security patches, many organizations are falling into the dangerous path of making potentially catastrophic strategy shifts. Partly due to coercion by an industry that’s pushing a very clear agenda around detection and remediation. Backed by alarming statistics of attack dwell times, increasing costs of breaches, they’re creating a picture that prevention is futile and that organizations should shift resources to a new fall back position. Ridiculous!

I’m certainly not going to stand here and say detection isn’t important. But shifting valuable resources away from prevention so that you can more quickly detect and remediate the attack that’s most likely already achieved its objectives is an ill-conceived response that will ultimately lead to catastrophic results.

Advertisement. Scroll to continue reading.

Prevention isn’t futile; remediation is. Because those companies who come in and charge $20,000 a day over an average of 31 days to clean up and remediate your systems do nothing to get back what was stolen. There’s no Navy Seal team who infiltrates the Russian organized crime team to re-take your stolen credit cards, medical records, or design documents. That’s remediation. Hold your line. Know that prevention isn’t futile.

Take this opportunity to rethink about your overall security architecture. Are you utilizing the next-generation security platforms that now exist? Ones that combine network, cloud and endpoint security. The technology exists to truly prevent these attacks from ever achieving their objectives.

Step back; don’t panic. Take the time to architect a top down approach that reduces your attack surface by safely enabling your applications, users and devices. Implement automation to protect against both known and unknown threats, eliminating the ‘man-in-the-middle’. The capability exists; it’s just a matter of taking a breath and collecting the courage to drive real change across your organization.

Written By

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights