Based on the strategic offensive principle of war, the adage “the best defense is a strong offense” has been used and abused not only by the military, but by martial arts, sports and business alike. The premise is simple: by starting with a strong offensive position you weaken your opponent’s ability to mount an effective offensive campaign and therefore don’t need as strong a defensive strategy. This may be fine for war games, kung fu tournaments, football games and corporate takeovers, but can it work for your cyber threat protection strategy as well?
Keeping The Bad Guys Out
The cyber security industry was founded primarily with protection not prevention in mind. All technologies initially focused on a defense strategy. Firewalls, anti-virus, and Security Information and Event Management (SIEM) started out by providing the only method of keeping the bad guys out and monitoring events that may signal a cyber threat.
This strategy worked as long as the bad guys were on the outside but gave free rein if the threat was inside. Unfortunately, it also led to a requirement for rapid detection and remediation whenever it failed to prevent a new zero-day attack or something creative enough to spoof or bypass preventative measures.
New groups such as HackerOne are emerging and base their existence on the “strategic offense principle”, using “white hat hacking” with the drive to make the internet safer. This is an aggressive form of penetration testing to surface the most relevant security issues of an organization before they can be exploited by criminals.
Cyber Threat Prevention Strategies
We have written before that All Cyber Threat Prevention Approaches Are Not Created Equal and have also covered the 5 Keys To Cyber Threat Prevention as well as how Security Ecosystems Evolve. So, there really isn’t much more to add on the subject of prevention versus protection other than to offer that any strategy unused is absolutely not going to work.
If you are still relying on antiquated cyber threat protection technologies because replacing (or even augmenting) them is perceived to be too expensive or difficult, then you will at some point need to remediate a major breach.
The Ideal Prevention
Prevention is the ideal form of protection. Solebit’s SoleGATE, now part of the Mimecast family, gives you a leg up on preventing malicious entry into your cyber environment. Further enhancing Mimecast’s cyber resilience platform architecture, Solebit provides powerful threat protection to help customers face today’s broad threat landscape with evasion-aware, signature-less technology. SoleGATE uses static analysis, which is faster, more accurate and not OS version dependent, and covers 100% of your code with complete visibility. With SoleGATE, every line of code is evaluated, making sandbox evasion techniques ineffective. On average, Solebit analysis time ranges from milliseconds to a few seconds. Network sandboxes typically take 5-15 minutes to perform the same analysis.
Using deep inspection and analysis methods, SoleGATE is able to interpret and detect code in real time and immediately block threats from penetrating your organization. DvC™ makes no assumptions about threat heuristics and behavior and assumes that there is no legitimate reason for executable code to be present in a data file; it relies solely on identifying the existence of code in non-executable files. The bottom line is that you will finally have safe content!
Check out this whitepaper on an evasion-proof approach against modern cyber attacks that can keep your content safe. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.