Remediation and Fear Are the Answer for Everything? Really?

Is it just me, or has the cybersecurity community really confused the issue by calling everything "APT" these days?

No question APTs are serious business. But almost every article has this undertone of fear that basically says remediation is the answer for everything. In all honesty, I stopped watching Seinfeld on Crackle (which is awesome!) because I get so much humor from the cybersecurity articles I'm reading. When I stop laughing, though, I find them seriously unfortunate and awkward based on the advice they’re offering CIOs and CISOs.

There’s a segment of the cybersecurity community that wants you to believe the following:

  1. You are a bad leader
  2. Your organization is riddled with governance failure
  3. There are too many bugs in applications
  4. There is an insurmountable security gap
  5. You need to hire an army of PhDs to run complicated systems
  6. Attacks are all "APT"

Are you kidding me? Is this World War Z? Do I hear Private Joker saying, "Is that you John Wayne? Is this me?"

Many IT and security professionals are in jeopardy of losing their reputations and jobs not because they lack skills but because entrenched cybersecurity companies are dropping the ball when it comes to helping them protect their assets.

Whenever you see so much fear being peddled, it’s usually an indicator that industry vendors are struggling to evolve and innovate. What these fear mongers forget is that a FUD message alienates CIOs and CISOs from the rest of the C-suite. Fear – of “APT”, of anything – does nothing to show how the IT and cybersecurity community is working to solve problems, so CIOs and CISOs become integral to the growth of the business, like other C-suite roles.

Prevention vs. Remediation

Why are many cybersecurity companies emphasizing remediation over prevention? I don't want to take away the importance of remediation, but let's keep the argument in the right context.

When we talk about remediation, what we’re really talking about is incident response. Incident response and many of the current approaches to cyber intelligence are exceptional at telling you what happened after the fact.  In other words, the emphasis is on understanding how the robber got in and what they stole after the damage was done.

But this approach means increased cost and complexity when companies need agility and flexibility to survive in today's economy. I have a lot of respect for how far the IR community has taken IT and the cybersecurity industry, but far too many cybersecurity companies use the outstanding work of talented IR teams as a crutch. IR and remediation capabilities simply aren’t enough, which is why the Palo Alto Networks platform covers both detection and prevention.

Our approach to threat prevention extends from our application intelligence and control technology. The intelligence emphasis we put into evasive applications across all active network traffic has allowed us to create a highly effective threat prevention platform.

If you want payload analysis over all network traffic, applications and encryption, for example, just turn on that feature. If you want to extend your existing threat prevention and application and user policies to mobile or virtualized cloud environments, use one platform to do it. And the technology acquired through our recent acquisition of Cyvera allows us to extend everything we do in active network traffic all the way to active memory in endpoints.

We are everywhere across your network traffic, endpoint memory and virtualized cloud. Our platform:

  • Knows what applications your organization uses
  • Knows what users are using those applications
  • Knows when your users are mobile
  • Natively, controls what applications users can access and when
  • Knows when users try to access applications that are not authorized
  • Prevents attacks and immediately knows what user is being attacked

Let’s leave behind all that fear messaging and talk about how a real platform approach can work for all of us.

For more