Time to end spurious debates over cybersecurity budget allocations
A recent global survey of 450 security professionals conducted by ResearchScope finds organizations are increasingly augmenting their next-generation firewall (NGF)/intrusion detection systems (IDS) with investments in deception technologies that rely on traps and decoys to discover how malware is proliferating across their internal systems.
Conducted at the behest of Attivio Networks, a provider of a platform for deploying deception technologies, the survey finds NGF/IDS platforms are still viewed as the most effective way to detect and stop known threats, while deception technologies are increasingly being viewed as an effective control for detecting unknown threats. Specifically, 56 percent of respondents cited NGF/IDS as being the most effective cybersecurity technology, followed closely by deception technology at 55 percent.
While firewalls still play a critical role in cybersecurity defense, just about every cybersecurity professional has come to terms with the fact that malware makes it onto their organization’s systems due to forces largely beyond their control. The goal now is, first, to prevent as much malware as possible from ever landing in an IT environment and, second, to aggressively hunt for malware that made it into the environment because, for example, an end user was tricked into downloading malware embedded within a phishing attack.
The real challenge, of course, is that success when it comes to threat hunting is uneven at best. Over 50 percent of the survey respondents admitted that dwell time for malware exceeds 100 days and that their mean time to detect malware was either flat or increasing. Only 30 percent of respondents say the dwell time for malware inside their organizations is decreasing.
The fundamental issue IT organizations clearly need to address is striking the right balance between cybersecurity investments that defend the perimeter and investments that discover threats which have found a way around those perimeter defenses. Within the cybersecurity community there is often a spurious debate over how much of the IT budget should be allocated to defending the perimeter versus hunting for threats. The fact of the matter is that organizations will always need a dual approach. After all, if there were no perimeter defense, the amount of malware being deposited would far exceed any ability to discover and remove it. The reality of the situation is that, like it or not, organizations will need to allocate additional dollars to modernizing perimeter security while at the same time significantly expanding their ability to discover potential threats. In fact, for good measure, IT organizations should also be segmenting their networks to limit the damage any piece of malware might be able to inflict.
In the meantime, any infighting over cybersecurity budget allocations is generally counterproductive. There is always going to be contention among advocates of one product versus another. But most cybersecurity professionals are too savvy to get caught up in a debate that is roughly equivalent to arguing over which limb is more important than another, when the absence of any one of them creates a disadvantage that, while not impossible to overcome, is hard to overcome when engaged in any battle.