Preview Mode Links will not work in preview mode

Defense in Depth

  1. All Episodes
  2. Prevention vs. Detection and Containment

Prevention vs. Detection and Containment

May 14, 2020

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-prevention-vs-detection-and-containment/)

We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Steve Salinas (@so_cal_aggie), head of product marketing, Deep Instinct.

Thanks to this week's podcast sponsor, Deep Instinct.

Deep Instinct

Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.

On this episode of Defense in Depth, you’ll learn:

  • A recent Ponemon study notes that most security professionals agree that prevention is a better security strategy than detection and containment.
  • Even with the acceptance that prevention is a better security posture, most security spending goes into detection and containment.
  • By implementing firewalls, patching, and security training, many of us are already doing prevention, but may not classify it as such.
  • Prevention is not nearly as expensive as creating a detect and respond security program.
  • The two halves work in concert together. No prevention program can be perfect, and that's why you always need a detect and contain program as well.
  • The reason you don't only go with detect and respond without prevention is that the flood of valid information will be too much for a security program to handle.
  • There was a strong argument for detect and respond because it shows the products you spent money on are actually working. This is not just to humor the security professional, but also to give some "evidence" to the senior executives.
  • A lot of prevention comes down to the individual. But since it's so tough to get people to change behavior, there's less friction to just purchase another prevention tool to protect people from their own behavior.
  • Prevention tools won't stop the attackers who sit dormant on a network waiting to attack. Their behavior has to be spotted with the use of detection and containment.