Blocking More Doesn’t Mean Better
Everyone knows that proper cybersecurity hygiene means allowing good content and traffic in and keeping bad content and traffic out. Therefore, when comparing solutions, the one that blocks more is better, right?
Wrong.
The state of cybersecurity is actually much more nuanced. It isn’t like comparing the cost of two different airline tickets and quickly deciding which is the better deal. The goal of proper cybersecurity is to give an organization the capability to move forward at the speed of business without slowing anything down, while providing the visibility to observe what’s occurring in real time and to hit the brakes or take appropriate action only when required.
If a solution blocks traffic that it shouldn’t or doesn’t need to, then that slows down business, causes unnecessary alerts for the SOC and security teams to investigate, and creates escalations from employees and users who can’t do what needs to be done. These false positives are the bane of any security team’s existence. By now, everyone knows the unfortunate story of the retailer that had so many false positives and alarms going off that they didn’t have the visibility to see and stop the actual attack when it occurred.
Of course, just as critical is actually blocking the traffic and content that needs to be blocked — allowing malicious traffic into the organization similarly slows down business by creating significant downstream risk of data exfiltration, encryption, and other distractions that take focus (and revenue!) away from running the business. Reducing false negatives is critical; anyone can build a system that allows all traffic and only detects the most obvious of nefarious activity, but only experts can actually design and deploy solutions that drive false negatives toward zero.
People often argue that it’s acceptable to have a high false positive rate if that means a low false negative rate because the organization is being protected from malicious attacks. However, this overlooks the internal cost to the business from analyzing and processing the false positives and ultimately reducing the speed at which business can move forward.
This is exactly why one cannot simply compare solution A and solution B and decide that since one blocked more traffic, it is necessarily better. One must look fully at the details of what was blocked and what wasn’t blocked to understand the overall effectiveness of each solution. In that way, one can determine which solution will actually protect the business and simultaneously enable it to flourish. Remember — the goal of cybersecurity is not to slow business down. Rather, it’s to give businesses both the capability and visibility to push full speed ahead.
That’s exactly what we’ve done at HYAS. By reducing alert fatigue, knowing what to block and what not to block, giving organizations the peace of mind to understand that not everything that is suspicious is necessarily malicious, and allowing them to control their own definition of risk, HYAS Protect is a modern solution that truly gives businesses the ability to move full speed ahead.
But don’t judge it based on what it blocks or doesn’t block — judge it based on the visibility and capability it gives your organization. Schedule your personal demo today and see it for yourself.
*** This is a Security Bloggers Network syndicated blog from HYAS Blog authored by David Ratner. Read the original post at: https://www.hyas.com/blog/blocking-more-doesnt-mean-better