The battle for cyber security

Next generation security solutions can deliver increasingly better protection at a lower cost, while making attacks less effective and more costly for perpetrators to commit, says Saeed Agha of Palo Alto Networks.

The era of ‘detect and fix’ security is over, says Agha.
By Saeed Agha. Published July 3, 2014

Who’s winning the ‘detect and fix’ war? It’s harder and harder for all of us to get a sense of how we are doing in that battle, even as the threat space changes rapidly. Threats are evolving faster, they’re getting more complicated, they’re more targeted, they’re more focused. They are more threatening simply because of who’s behind them. The criminal ecosystem is well organised and well funded, and that evolution is going to continue.

There’s certainly an appropriate level of concern in the industry, and from a Middle East customer perspective, as to who is winning and who is losing the security battle, and even how you keep score. The definition of success in the battle has been based in the past on what you can detect, then how much of it you can fix, and how fast you can do it. It was, and still is, a ‘detect and fix’ mentality, which often feels like we’re not winning because all we are doing is playing catch-up.

Seismic shifts
There are seismic shifts in the cyber security environment. Take SaaS, for example. Very few folks in the Middle East are using proprietary applications anymore. They’re all using third party applications. The advent of SaaS has created a situation where your apps have left your network. Then you have the proliferation of mobile devices, and the result of that is your users have left the network. Then with the advent and push for cloud, your network has left the network.

The combination of these things has created a perfect storm. Applications have become a key route into your network and the fact that there’s an explosion of third party applications traversing your network has given the bad guys more and more ways to get in.

The proliferation of mobile computing devices means more points of entry. The cloud then offers up the opportunity for the bad guy to take advantage of one access point to get to 100 companies instead of having to do it one at a time.

Let’s blur things even further with the consumerisation of IT. This means that businesses don’t know what’s personal and what’s business anymore, whether it’s on their laptops or their phones. And the Internet of Things threatens to create a zillion more end points on the network. The reality is that all these networks and access points have to be protected.

Legacy solutions
The solution for a long time has been to throw more and more technology at the problem. I don’t think that’s been terribly successful over time. One problem is that it creates increasingly high demands on the customer to react to all the alerts, all the inbounds, and figure out what to do with them. As a result, you get increasingly high demands for very skilled, expensive teams to watch all that technology and figure out what to do with it - more technology, more operational burden and expense, and increasingly questionable efficiency.

It’s time to turn a page here. It is time to redefine what success should be. Success should really be based on prevention. How much prevention can you actually do, how many preventative measures can you put in place and how fast can you improve these to stop more and more threats? Nobody’s going to stop 100% of the bad stuff — you have to look at what’s possible.

One way to think about this is that legacy security technology may be able to take care of 90% of the problems, but it’s the other 10% that is causing all the pain. If you have a more advanced technology which can take care of 95%, it’s the 5% that is the burden.

So what should organisations in the Middle East do? You should swap out the legacy technology to get that bar higher. You need to iterate your advanced technology very quickly so that 95% can become 95.2%, 95.7%, 96%, 96.1%. This means you are raising the level of preventative capabilities and you’re reducing the operational burden of detection.
