Digital threat detection isn't as easy as it was a decade or more ago. The threat landscape no longer evolves at the slow pace of signature-based malware. It now moves as fast as new software flaws are discovered and exploited by computer criminals to compromise vulnerable systems.
At the same time, advanced persistent threats (APTs) make pattern-based approaches and blacklisting less effective at protecting a broad pool of users, because APT actors customize their malware to home in on a single target. With a one-target campaign there is no "patient zero" whose infection traditional detection methods can use to secure everyone else.
Attackers also have access to an increasingly diverse arsenal of sophisticated tools for remotely controlling systems, stealing corporate data, and evading detection. Bad actors can use zero-day exploits and social engineering to bypass an organization's layers of security, then hide in plain sight amid the noise of innumerable security events while they carry out their malicious activity.
The speed, sophistication, and stealth of digital threats today reframe detection as a “downstream” or reactive approach to security. Organizations can no longer rely on detection alone to fully protect themselves. They need something more.
That’s where foundational prevention comes in.
Foundational prevention is a proactive approach that enterprises can use to block computer criminals and limit their nefarious activity. It helps organizations identify the systems on their networks, determine whether those systems can be hardened, and detect when changes have occurred. Foundational prevention pursues these three objectives through foundational security controls such as asset discovery, security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM), and log management.
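To make the "detect when changes have occurred" objective concrete, here is an added, self-contained Python example of the core of a file integrity monitor. It is illustrative code written for this page, not Tripwire's or any vendor's FIM implementation. It baselines a directory tree (content hash plus the ownership, mode and size metadata a FIM typically watches), then compares a later snapshot and reports what was added, removed or modified. The directory layout, file names and the simulated tampering (a weakened sshd_config, a chmod on sudoers, a deleted binary, a dropped file under tmp) are constructed for the demo.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

# Illustrative file-integrity-monitor core (assumed design, not a product's code).


def file_record(path: Path) -> dict:
    """Hash a file's content and capture the metadata a FIM usually tracks."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {
        "sha256": h.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),  # permission bits only
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(root: Path) -> dict:
    """Record every regular file under root, keyed by path relative to root.

    Symlinks are skipped so a link pointing outside the tree cannot be used
    to make the baseline vouch for content that is not actually in it.
    """
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            baseline[str(p.relative_to(root))] = file_record(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between two snapshots.

    'modified' maps each changed path to the attributes that differ, so a
    permission change is flagged even when the content hash is unchanged.
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "sudoers").write_text("root ALL=(ALL) ALL\n")
        os.chmod(root / "etc" / "sudoers", 0o440)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF original")

        # In practice the baseline is signed and stored off-host so an
        # attacker who owns the box cannot rewrite it to match their changes.
        baseline = build_baseline(root)

        # Simulated tampering after the baseline was taken.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")  # content
        os.chmod(root / "etc" / "sudoers", 0o666)  # permissions only, same content
        (root / "bin" / "ls").unlink()  # binary removed
        (root / "tmp").mkdir()
        (root / "tmp" / ".x").write_bytes(b"backdoor")  # new hidden file

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    report = demo()
    for kind in ("added", "removed", "modified"):
        print(f"{kind}: {report[kind]}")
```

Running it reports `tmp/.x` as added, `bin/ls` as removed, `etc/sshd_config` as modified in content and size, and `etc/sudoers` as modified in mode only. The last case is the one worth noting: a monitor that only hashes content would miss the sudoers permission change entirely, which is why the record includes ownership and mode alongside the digest.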
Here’s how foundational prevention picks up where traditional detection leaves off:
1. Centers on Reducing (Read more...)
This is a Security Bloggers Network syndicated blog post authored by David Bisson. Read the original post at: The State of Security