Why Security Defenses Don’t Prevent Data Breaches

Wednesday, September 08, 2010

Contributed By:
Danny Lieberman

Assuming you knew why a data breach will happen, wouldn’t you take your best shot at preventing it?

Consider this:

Your security defenses don’t improve your understanding of the root causes of data breaches, and without understanding the root causes – your best shot is not good enough.

Why is this so?

First of all – defenses are by definition, not a means of improving our understanding of strategic threats. Think about the Maginot Line in WWI or the Bar-Lev line in 1973. Network and application security products that are used to defend the organization are rather poor at helping us understand and reduce the operational risk of insecure software.

Second of all – it’s hard to keep up. Security defense products have much longer product development life cycles then the people who develop day zero exploits. The battle is also extremely asymmetric – as it costs millions to develop a good application firewall that can mitigate an attack that was developed at the cost of three man months and a few Ubuntu workstations.

Security signatures (even if updated frequently) used by products such as firewalls, IPS and black-box application security are no match for fast moving, application-specific source code vulnerabilities exploited by attackers and contractors.

Remember – that’s your source code, not Microsoft.

Third – threats are evolving rapidly. Current defense in depth strategy is to deploy multiple tools at the network perimeter such as firewalls, intrusion prevention and malicious content filtering.

Although content inspection technologies such as DPI and DLP are now available, current focus is primarily on the network, despite the fact that the majority of attacks are on the data – customer data and intellectual property.

The location of the data has become less specific as the notion of trusted systems inside a hard perimeter has practically disappeared with the proliferation of cloud services, Web 2.0 services, SSL VPN and convergence of almost all application transport to HTTP.

Obviously we need a better way of understanding what threats really count for our business. More about that in some up coming posts.

Cross-posted from Israeli Software

Share This! |

Views:	3987
Categories:	Network->General
Industries:	Information Security
Tags:	Data Loss Prevention

Post Rating I Like this!

Comments:

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Latest Member Comments

"I thought this article discuss a very important issue of security.If we have well developed technology in one particular field then we ..."

Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013

"ATM machine are for our convenience but if we are not careful they can compromise our safety. Discount theater tickets "

ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013

"A expressive case study is used to explore causation in order to find underlying principles. Case studies may be prospective in which c..."

New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013

"In the social sciences and life sciences a case study or case report is a descriptive or descriptive analysis of a someone, group or ev..."

Case Study: A Cloud Security Assessment... Caitlin Rachel on 05-21-2013