OpenDNS - Prevention is No Match for Persistence: Rethinking Cyber-Security in the Age of Relentless Attacks
Today, most IT security is based on prevention: an attempt to build countermeasures against previously identified tactics and threats. In theory, understanding how attackers have hit us before lets us prepare our best defenses against them.
But in practice, we can never build our virtual walls high or strong enough to serve as sufficient barricades. For a start, old tactics evolve and new ones emerge faster than security teams can keep up. Spear phishing targets our most vulnerable employees, and watering-hole attacks lure the unwary. Even our best sandbox malware analysis can miss the latest evasive behaviors. And it is impossible to predict when and where a technology we rely on, such as Flash or Java, will be hit by an exploit for a previously unknown (zero-day) vulnerability.
Worse, practice makes perfect. The key part of any advanced persistent threat (APT) is the persistence: even relatively basic, “off the shelf” malware becomes powerful when it is applied repeatedly across a wide attack surface. As our digital borders expand to take in private and public cloud services, mobile users and mobile devices, they become more porous, and our digital line in the sand grows too long to defend.
For enterprises and organizations of any size, prevention alone can never be a sufficient defense: our security professionals must be right, and fast, every time, while cyber-attackers need to succeed only once, whenever they choose.
This new threat environment demands a new way to think about cyber-security strategy: one that aligns security investments with business risk, and that is less centered on ideal prevention and more focused on reality, namely that attackers are an ever-present threat that cannot be intercepted by preventive techniques alone.
In the following pages, we will examine the changing motivations of cyber-attackers (who they are and what they want) and explore the most promising strategies for combating them: complementing prevention with methods that reduce the impact of a breach and increase the effort required to carry one out.