The rapid evolution of advanced targeted attacks is pushing enterprises to focus less on defense and more on rapid incident detection and response. Or is it?
"We go through these waves where the threats change, and the defenses aren't so good against the new threats," said John Pescatore, the longtime former Gartner analyst and now the director of emerging security trends for the Bethesda, Md.-based SANS Institute. "The excrement hits the fan a lot more and we start talking about response. Then the defenses get a little better and we get some equilibrium until the next wave of threats comes along."
In this interview, Pescatore and SearchSecurity Executive Editor Eric B. Parizo debate whether the current wave of advanced targeted attacks has forced enterprises to make fundamental changes to their security postures. Pescatore asserts the industry is simply going through yet another cycle in which attackers are outpacing defenders, while Parizo argues that increasing breach time-to-detection rates show enterprises are changing because they're losing the battle.
Pescatore offers lessons learned from the massive 2013 Target data breach, emphasizing the need for the industry to advance beyond single-factor authentication and implement network segmentation. He also discusses how the Heartbleed OpenSSL flaw demonstrates how successfully the industry can implement a broad-based response to a wide-ranging security flaw.