Even the most sophisticated, well-intentioned perimeter-focused cybersecurity strategy cannot possibly be 100 percent effective – yet that's what is required for these approaches to succeed.
Security breaches are inevitable, and it's not the fault of the quality of your perimeter defense tools or your IT security staff. The problem is your fundamental approach.
Here are four reasons to rethink a perimeter-focused approach to cybersecurity:
The increasing connectedness of organizations extends the network perimeter while making it porous. Mobile and cloud computing push the range of enterprise applications and data far beyond the data center and provide new ways for malware to enter the network. Once inside, malware is invisible to perimeter defenses, exposing the enterprise's ‘digital crown jewels' to harm.
Advanced threats are winning against current security controls, and adding more controls doesn't help. The most dangerous threats are stealthy and persistent, often unfolding in stages over days, weeks, or even months. Attackers can remotely direct the initial compromise, causing it to spread laterally and shape-shift to achieve their end game.
Each prevention-centric product has only one imperfect chance to identify a particular threat before it slips past the defenses into the network. And once malware enters the network, perimeter defenses are blind to any further activities, leaving the attacker free to conduct its dirty work.
Prevention-focused security strategies drain IT resources. It can take an experienced security analyst weeks to properly tune a firewall or IPS, and hours or days to sift through thousands of daily alerts. There aren't enough highly skilled security analysts to meet demand.
Network security has always been complex, but that complexity is accelerating — as is the sophistication of the entire ecosystem of malware. What's needed are cybersecurity strategies that are even more adaptive than the malware they're trying to outmaneuver.