From: Nextgov
By Ken Ammon, chief strategy officer at Xceedium.
National Security Agency Director Adm. Michael Rogers recently stated, “Traditionally, we’ve largely been focused on attempts to prevent intrusions. I’ve increasingly come to the opinion that we must spend more time focused on detection.” This is a troubling statement. Surely, detection is a key component of any security program. But should our government be spending more time on detection than prevention? The answer is no.
What’s Wrong with a Detection-Centric Approach?
The answer is best illustrated by applying this logic to other disciplines. Would you rather detect cancer or prevent cancer? Detect a crime or prevent a crime? Detect a security incident or prevent one? While detection represents a critical component of any complete program, a logical approach shows prevention is always preferred. The fact is that the majority of security incidents are the direct result of a failure to integrate security prevention into IT operations.
Over the past decade, security monitoring and IT operations have evolved into an “us” and “them” paradigm, which perpetuates the existing bolt-on security model. In effect, the more we invest in better monitoring tools, the more problems we uncover. The result is a game of security whack-a-mole where the moles outpace the security operation teams’ ability to mitigate the risk.