By Amit Yoran, President of RSA
2015 was most notably characterised by security vendors claiming to be able to prevent advanced threat breaches when the reality is that they can’t. It was characterised by enterprises recognising the need to monitor and defend their digital environments differently, but continuing to centre their security programs on the same technologies and approaches they have been using – hoping for a different outcome, but not acting differently.
2015 saw threats continuing to evolve faster than most organisations’ ability to detect and respond to them. What was considered an “advanced” threat in years past has become a commodity today, with sophisticated malware and exploits available for the price of a movie ticket. As troublesome as these observations seem, the most impactful evolution goes almost entirely unreported and misunderstood. The threats that matter most come from today’s pervasive threat actors, who execute attack campaigns comprising multiple compromise methods and multiple backdoors to assure persistence. Incomplete incident scoping has become a critical failure point.
We’re starting to see progress in some areas as security investments begin to shift from a maniacal focus on prevention toward greater balance on monitoring, detection, and response capabilities. It’s become cliché to say that breaches are inevitable and that faster detection and more accurate incident scoping are the way forward, but too many organisations are trying to do these very different tasks using the technologies and processes they have on hand, which were neither designed for nor capable of answering their need. Here are some of the emerging trends that our industry and organisations need to be ready for in 2016: