Is ‘control’ a pipe dream for cyber-sec pros?

Sourcefire urges a strategy based on automation, integration and education, to outwit cyber criminals

Tags: Cyber crimeSourcefire (
  • E-Mail
Is ‘control’ a pipe dream for cyber-sec pros? Anthony Perridge, EMEA channel director, Sourcefire.
By  Anthony Perridge Published  January 15, 2014

The concept of control has long been a cornerstone for virtually every cyber security team's approach to dealing with threats. But with cyber security professionals finding themselves at an increasing disadvantage when defending their IT environments, is it realistic to expect you can gain control over threats and outbreaks?

Attackers are singularly focused on penetrating your network to accomplish their missions. Yet the job of the defender has never been more challenging. As our networks extend beyond the traditional perimeter to include endpoints, mobile devices, virtual desktops and data centres and the cloud, new attack vectors emerge. Compounding the challenge, most security teams don't have the luxury of spending 100% of their time focused on security. They are understaffed and bogged down by manual processes, disconnected security tools, compliance and regulatory issues and other business imperatives.

For many organisations, the solution is to throw more and more people at the problem. In fact, new research from IDC Government Insights finds that overall IT security spending by the US federal government will rise from $5.9bn in 2012 to over $7.3bn in 2017. Of that, in most years, staff salaries account for a surprising 85% - 91% of total spending. And it is probably safe to expect a similar breakdown for commercial enterprises.

With the number of attacks on the rise, it's clear that assigning more human resources isn't a sustainable way to address the problem. Nor is it easy to find skilled cyber security workers. As I wrote in a previous article, it's widely estimated that in the near future, job openings for skilled cyber security workers will top 50,000 between the public and private sector.

"Control" can and should remain at the forefront of any security strategy. But how to achieve that control requires a fresh approach that incorporates automation, integration and education.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code