Content

Debate

FOR, by Abe Kleinfeld, president and CEO, nCircle

Although security spending continues to rise, executives remain frustrated that businesses are far from the desired goal. Organizations need to rethink their security strategies in order to improve effectiveness while containing costs.

What's needed is a balanced approach that adds proactive security solutions to "shrink the targets." These solutions are intelligence-based -- they continuously gather a deep understanding of everything running on an IP network to identify areas of risk, and then prioritize the remediation of that risk.

Proactive solutions -- vulnerability and risk management systems -- also capture the intelligence needed for regulatory compliance.

It's a far more effective approach to balance spending on both reactive and proactive solutions than to simply add more depth to reactive systems. Only when organizations balance their spending on both stopping the bullets and shrinking the targets will security nirvana be achieved. It's time for "defense-in-depth" to give way to "defense-in-balance."

AGAINST, by Brian Contos, chief security officer, ArcSight

Defense-in-depth is more critical than ever before. There has been an increasing trend to correlate disparate events from routers, firewalls and mainframes with document management tools, enterprise applications and virtually everything in-between.

Various avenues of access, such as wireless, remote access, removable media, P2P, IM and reverse HTTP tunnels, make getting information in and out of an organization trivial. If you fail to log and monitor everything and everyone, you will likely miss the problem – especially if you are simply depending on internet firewalls and intrusion detection systems to do all the work. If you have not experienced a security issue yet – consider yourself lucky, but do not consider yourself secure. You do not need to be a skilled hacker to copy 50 gigs of customer files to your MP3 player, and this type of low-tech security breach has led to a steady rise in insider threats that, in turn, have led to identity theft, increases in fraud and organized crime.

This is why defense-in-depth is necessary and why it is not a failure.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.