Recently, Symantec’s senior vice president of information security Brian Dye declared that anti-virus is dead, as told to the Wall Street Journal.
Has the security industry moved away from prevention to early detection and quick response?
I know when I started WeWatchYourWebsite back in 2007, I started preaching prevention. However, it became evident that nobody was interested. It appeared that people, even then, were more interested in early detection and quick remediation.
If you look at many of the startups and large security companies, it becomes real clear that most of the industry is focused on early detection and quick remediation. Is this like closing the barn door after the horses are out?
Is this giving up on prevention and focusing instead on early detection? That, to me, is like admitting defeat to the cyber criminals of the world.
Or, is it a different strategy?
In combat, whether your battlefield is on soil or a chess board, one key strategy is to lure your opponent into an area and then close in and destroy them.
Could this work in cyber security?
Of course, we’ll never catch the cyber criminals, unless they’re really lazy, but can we capture their methods? That would be considered a victory.
All warfare is based on deception. Hence, when able to attack, we must seem unable; when using our forces, we must seem inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near.
If our deception is to lure the cyber criminal into our website, but record and report everything, then we can consider that a victory for the masses. That information can be used to protect other websites and prevent other sites from being successfully breached.
What do you think?
Should focus be placed on detection and response? Is that a sound strategy?
Share your thoughts…