One of the fundamental problems with the traditional model of network and computer security is that it is reactive. While most security solutions include some element of heuristic defense capable of identifying new threats based on suspicious behaviors, the reality is that traditional security methods are really only good at defending against known threats, and many of them are even a bit shaky at that.
A new breed of security is rising up, though, to bring a new paradigm to security: proactive. One of those new vendors is Cylance, founded by Stuart McClure. McClure and Brian Wallace presented a session at RSA earlier this year entitled “Hacking Exposed: The Art of Deterrence (AoD)”, which shared more detail about how to change the security game around.
I wrote about that session in this RSA blog post:
You may be familiar with the colloquialism “shutting the barn door after the horses escape.” It basically refers to the futility of trying to stop something from happening after it has already happened—a concept that defines the traditional approach to network and computer security. Deterrence is about taking a proactive approach that prevents the event from happening in the first place.
One of the sessions at the RSA Security Conference this year addressed this very issue. Stuart McClure and Brian Wallace presented a session titled “Hacking Exposed: The Art of Deterrence (AoD)”, which talked about the inherent weaknesses of the traditional security model and proposed a new, more proactive approach.
McClure and Wallace highlighted the way traditional countermeasures work. Firewalls and email gateways attempt to detect and block incoming traffic. Anti-malware software and platform security controls attempt to detect and block attacks at the endpoint. Beaconing and security-monitoring tools attempt to detect and block outbound threats. The problem with all of the above is that these methods rely too heavily on reacting to attacks rather than preventing them.
Traditional defenses depend almost entirely on signatures or similar tools used to identify known threats. Until an attack is active and the threat is discovered, the security vendors can’t develop the necessary defenses to guard against it.
You can watch the entire RSA presentation here:
You can read the complete post on the RSA blog: Stop the Bad Guys with Proactive Defense