John Pescatore: Evasion techniques aiding advanced targeted attacks

John Pescatore: Evasion techniques aiding advanced targeted attacks

Date: May 09, 2014

The rapid evolution of advanced targeted attacks is pushing enterprises to focus less on defense and more on rapid incident detection and response. Or is it?

"We go through these waves where the threats change, and the defenses aren't so good against the new threats," said John Pescatore, the longtime former Gartner analyst and now the director of emerging security trends for the Bethesda, Md.-based SANS Institute. "The excrement hits the fan a lot more and we start talking about response. Then the defenses get a little better and we get some equilibrium until the next wave of threats comes along."

In this interview, Pescatore and SearchSecurity Executive Editor Eric B. Parizo debate whether the current wave of advanced targeted attacks has forced enterprises to make fundamental changes to their security postures. While Pescatore asserts the industry is simply going through yet another cycle in which attackers are outpacing defenders, Parizo asserts that increasing breach time-to-detection rates show enterprises are changing because they're losing the battle.

Pescatore offers lessons learned from the massive 2013 Target data breach, emphasizing the need for the industry to advance beyond single-factor authentication and implement network segmentation. He also discusses how the Heartbleed OpenSSL flaw demonstrates how successfully the industry can implement a broad-based response to a wide-ranging security flaw.

More on Information Security Incident Response-Detection and Analysis

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: