Skip to content

If Containment is the New Prevention…

December 14, 2011

A couple of weeks ago, Websense published its cybersecurity predictions for 2012.  One in particular prediction caught our eye: that containment will become the new prevention.  We’re assuming that Websense’ prediction is that the focus for many organizations will shift from preventing external and insider attacks, data breaches, and other incidents, to containment (rather than being something that many aspire to, but very few have yet to attain, by the way…)

We’ve been saying the same thing for a number of years.  2011 has demonstrated that, even when an organization knows that an attack is imminent, many remain unable to do anything to prevent it.  On this basis, it’s inconceivable that using the point SIEM tools that exist in many large organizations most will be able to contain it.  This is supported by Ponemon Institute research that suggests that the current average response time to a security incident is 18 days.

If Websense’ prediction is going to become reality then there needs to be a fundamental shift towards tools that can correlate large amounts of security data, in all of its native formats to provide analysts with a real-time, contextual view of their security posture.  And, in order for this to happen, SIEM must be dead.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: