Do you know the story of the ant and the grasshopper? I won’t retell it, but basically the ant works all summer to be prepared for winter and the grasshopper plays all summer only to die slowly and painfully in winter because it didn’t prepare. Or something like that.
It’s just really a nice morality tale with no plot holes, inaccuracies, or unresolved issues. And the point of the story is that you work before you have the problem. We know that in cybersecurity, because when it’s breach o’clock you better be ready.
When it comes to breaches, the best advice I can give you is don’t let it happen. But to get there you need to be like the ant and put in the effort. But what effort?
There is one problem. The problem is that a small network in an average 20-person office still has an enormous attack surface. Galaxy-sized enormous. To be more specific, for that small network there are more ways that a kill chain can play out than there are hydrogen atoms in the known universe.
That’s a lot to defend, so you need tools to help you create and maintain your breach defenses or you’ll never get it done. That’s not an exaggeration either, it’s just basic math. And not just any tools, but scalable automation tools that do what automation does best, verification tasks done quickly, consistently, and relentlessly.
Before I go on, let me just tell you it gets worse. Yes, I know I said “there is one problem” above, but really I have two problems for you, because I want to upset twice as many people. The other problem is that even if you’re willing to put in the effort to be secure, you probably don’t have enough people to do (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Pete Herzog. Read the original post at: Cylance Blog