Continuing the “Logs are Yesterday’s News” Discussion

Sep 29, 2014

We sincerely appreciate people reading the blogs we produce, and recently we had some great feedback on our post about logs. The strong reaction I’ve seen -- and keep it coming! -- shows there is a place for log collection and SIEM correlation to protect against well-resourced adversaries with time on their hands. In addition, there is the idea that prevention, detection and response are all equally important.

This is a great discussion, and I believe it is central to how we currently pursue attackers after they get into our environment instead of preventing access in the first place. I honestly believe prevention is more important than detection and remediation. As a cybersecurity community, our lack of prevention innovation led to the situation we find ourselves in today: chasing attackers and turning up details only after the damage has been done. I realize emphasizing prevention over detection and remediation is not popular. And I’m not saying that detection and response aren’t important. The prevention limitation bleeds over into boardrooms, and companies reactively create human-resource-intensive, disjointed technology efforts that do not scale. This approach is not only lopsided, but also prompts reactions based on fear, uncertainty and doubt.

An innovative prevention approach accomplishes the following:

  • It moves prevention as far forward in the attacker kill chain as possible.
  • It takes zero-day advantages away from attackers to prevent unknown threats.
  • It stops attackers cold from installing malware on endpoints.

Here’s the good news: this can be done. It isn't going to get any easier, but the time for change and thinking different is now. There is a place for SIEM, but we need to make sure that as cybersecurity professionals, we work to prevent crime scenes rather than only describe them.

Palo Alto Networks has a new way to provide prevention that goes well beyond NGFW. Spend some time talking with our team. Learn how our enterprise security platform puts prevention back on the map. What we're doing will help IT and cybersecurity professionals in some innovative ways. So, think different. Be excellent and be bold. We can help you.
