'The approach to security needs to change'
Too much effort being spent on blocking attacks and not enough on detecting breaches once they've occurred, panellists in recent CRN debate argued
The industry is getting it wrong when it comes to tackling security threats, with too much effort being expended on stopping attacks and not enough on detecting breaches once they have happened.
That was according to panellists in a recent CRN roundtable, which can be viewed for free by registering here.
"There are two types of company in the world: those that have been breached, and those that are about to be breached," said Terry Greer-King, director of cybersecurity at Cisco UK, during the session, which also featured representatives from distributor Ingram Micro and VARs Hutchinson Networks, innovecom and Blue Logic.
"If we start to accept that everyone is being breached, the approach to security needs to change. We need to move away from just thinking about stopping to anticipating that breaches and hacks are occurring."
Greer-King said the industry average for recognising a breach is currently between 100 and 200 days.
"This is just too long. We have found examples of up to nine months when the bad guys are in the network doing horrible things," he said.
"People are in the network and we don't necessarily know about it, and stuff is getting stolen. So there's a big shift towards analytics; not just deploying firewalls and technology and architecture - we need to do all that and we need to unify all that; but we need to move towards analytics engines to work out when we are being breached and then try to remediate and get down to root cause."
Stephen Hampton, CTO of Hutchinson Networks, agreed.
"The emphasis has really shifted to security operations and security analytics," he said.
"Some of the numbers we have looked at: the spend around security operations was previously around 23 per cent of overall spend, and that's increasing to something like 39 per cent next year."
The roundtable, entitled Battling Breach Fatigue, was part of the recent CRN Security Summit, and can be viewed in full by registering here.