Dark Reading: Security's New Reality: Assume The Worst

/Home/Internet Security: Articles/Internet Security: Dark Reading/Dark Reading: Attacks & Breaches

A more fatalistic view that attackers have already infiltrated the organization presents a different way of looking at -- and marketing -- security

Mar 15, 2012
By Kelly Jackson Higgins

First installment in an occasional series.

Tucked away on the sprawling show floor at the recent RSA Conference was a newly commercialized appliance that sits inside the network and spies on attacks already in progress. Its mission isn't to stop the attacker from getting in, but instead to stealthily observe the attacker's moves while gathering intelligence and ultimately containing any damage.

Assuming the attacker is already inside, or soon will be, is a gradual but significant mindset shift under way in the security industry, which has been built on a defensive strategy of firewalls, antivirus, and other tools. There's now a growing sense of fatalism: It's no longer if or when you get hacked, but the assumption that you've already been hacked, with a focus on minimizing the damage. The new appliance demonstrated at RSA was an example of approaching security from the view of being resigned that the bad guys are getting in, even with your defenses in place, security experts say.

Click the URL above to read the full article