Over the last decade or two, many in the cybersecurity profession have forgone the concept of prevention in favor of an “it’s not if, but when” approach to addressing security breaches.
Many vendors joined the trend with an emphasis on speed-to-detection, focusing on stopping attackers after they have already compromised your network, forgetting that security is more like a marathon than a sprint, where you need to build a high level of endurance to get to your destination.
And just as in sports, security teams have diverse skillsets, maturity, knowledge, and risk appetites that allow a particular company to tackle security problems at a faster or slower pace in comparison to other teams with a different combination of these attributes.
When it comes to stopping breaches, if we analyze the traditional approach of defense-in-depth (or more recently, detection and response) we find that there’s an interesting theme that could be characterized as the three speeds in cybersecurity.
Speed of the Attacker
In today’s world attackers come in a variety of forms, from the script kiddie without much IT knowledge who can employ a ransomware-as-a-service (RaaS) platform to more advanced organized crime groups and nation-state actors.
One thing they all have in common is that they are always ahead of most organizations in regard to tactics and finding new ways to breach their targets. The steadily growing number of serious network compromises is evidence that traditional security approaches continue to fail us.
With hundreds of thousands of new malware samples being generated daily, and dozens of new vulnerabilities being introduced or exploited every day, it is clear that both momentum and sheer velocity are on the side of the attackers – much to the detriment of the defenders and the organizations they serve.
Speed of the Reactive Security Vendor
Traditional security providers operate in a reactive manner by updating their products after new attack modes have already been introduced into the wild, have been successfully employed against targets, and have been thoroughly analyzed or reverse engineered so that a countermeasure can be developed and then deployed to clients.
These reactive approaches typically involve continuously upgrading product portfolios with new versions of old consoles and agents in an attempt to incorporate countermeasures to attack methodologies that have already been successful for some period of time, or the generation of new signatures to defend against yesterday’s malware.
Unfortunately, this often means that the pressure to get the updated products to market sometimes results in the shipping of new versions without proper quality assurance testing, making the remedy they are delivering worse than the problem they were attempting to solve in the first place by introducing vulnerabilities into the systems they are supposed to be protecting.
Then there are the cloud-constrained ‘nextgen’ security vendors who try to keep up with evolving attack techniques by reactively updating their cloud-based lookup and reputation services, but their post-event detection and response approach is still late to the game.
In addition, the solutions they offer are also not suited for many of today’s protected environments because they depend on uninterrupted cloud connectivity to be effective, and thus cannot be utilized for air-gapped systems or those that are required to only have limited periods of internet access.
Speed of the Security Deployment
For most companies, cybersecurity has become a critical process that supports the business, ensuring that everything runs smoothly with no interruptions despite the current threat landscape - but security is not the business focus.
Customers who depend on traditional solutions unfortunately have to move at the speed of their vendors, and there are countless examples of vulnerabilities impacting organizations that can only be mitigated by a major security solution upgrade.
In many cases, that requires the organization to also upgrade server infrastructure, consoles, databases, agents and products, thereby introducing a whole new risk assessment and project management process. Organizations need to take into account the myriad of interoperability issues that can arise to determine how they could potentially affect the whole IT architecture – and this all takes time, leaving the organization vulnerable.
Security teams are under pressure to jump right into the upgrade process, and sometimes they can only cross their fingers and hope that everything works as planned and nothing critical to business operations breaks, potentially costing the company a significant loss in revenue.
But incompatibilities can arise with third-party software or even between components of the same solution where the organization is running different versions, which can ultimately leave them with no protection at all - or worse, result in a “blue screen of death” across multiple departments.
The Speed of Prevention
As noted above, reactive approaches to security put organizations in the impossible position of trying to keep up with the speed of the attacker while being constrained by the speed of their security vendor, all while trying to address the complexities inherent in managing the speed of security deployments. That’s why security is broken today.
But there is a better way: The Speed of Prevention. Adopting a prevention-first strategy is the most practical way to be prepared for both known and unknown threats, and that’s precisely our approach at BlackBerry® Cylance®.
We have pioneered automated prevention built upon an unrivaled Artificial Intelligence (AI) platform designed to arm your security teams with an agile solution to prevent advanced threats pre-execution, fileless attacks, and zero-day attacks on every endpoint. Best of all, BlackBerry Cylance’s Predictive Advantage is third-party validated as capable of blocking emerging threats on average 25 months before they are first detected in the wild (source: SE Labs Report).
That power of prevention is coupled with our highly scalable endpoint detection and response (EDR) solution for root cause analysis and threat hunting, making BlackBerry Cylance the most comprehensive solution available today – and it does not require regular updates or reconfigurations.
BlackBerry Cylance Consulting can also provide gap analysis to assess an environment against industry and vendor best practices, incorporating well-known security frameworks into the assessment process to round out the organization’s enterprise security strategies.
Today’s threat landscape requires solutions that are proactive in preventing attacks and are not constrained by signatures or cloud dependencies that can only deliver after-the-fact detection and response. BlackBerry Cylance’s prevention-first approach is proven to offer protection from emerging threats and drastically reduce your organization’s overall attack surface.