
Managed Detection and Response: The new Security Strategy

Just last month, we celebrated the 75th anniversary of D-Day. This historic occasion, which brought about the end of World War Two, also brings to mind one of history’s most ignominious failures: the Maginot Line. After investing millions in extensive fortifications, the French discovered that building thicker walls is no defence if the gate is left wide open.

The same can be said for information security. To date, the perimeter has been built up like the Maginot Line. It’s practically impenetrable. And yet, data security breaches regularly make the news.  

In post-World War One France, the thinking went that putting a massive barrier between itself and Germany would deter invasion. At the very least, it would give the French sufficient time to mobilise should things once again get iffy between the two nations. 

Thing is, things did indeed get iffy, with hostilities between the two nations firing up again by 1939. Ignoring the Maginot Line completely, the Nazis took a short cut through Belgium and the Netherlands. The rest, as they say, is history. 

While it didn’t quite serve its purpose in the day, the Maginot Line does serve as a useful metaphor for a crucial issue facing information security today.

For starters, the term ‘Maginot Line’ is sometimes used to describe a defensive barrier or strategy which inspires a false sense of security. 

Just like France, defenders these days are spending all their time and effort on keeping invaders out by focusing on a barrier between them and us. But a proper defensive strategy, or defence in depth, depends on a lot more than just a barrier. 

After all, a great, big gnarly Maginot Line isn’t exactly a secret. Your attackers know it is there. Throwing a few more bricks on the top just isn’t going to make anything more secure. 

Then, you need to consider the other methods and means of ingress attackers might take, such as a slight adjustment in where and how they attack. Blitzkrieg took the French, and indeed most of the Allied powers, by surprise because, after Versailles, they were conditioned for the attrition of trench warfare.

Identifying and managing the internal threat 

Today, half or more of security breaches can be traced to your own employees. Attackers don’t have to grind themselves down trying to sneak past your magnificent Maginot Line if they can get someone to open the gates for them.

See where we’re going with this? 

You should, because your employees are the vector through which half or more of the successful attacks on your business are likely to come (check out our eBook on this topic. It explains our Security Framework and shows the re-imagination of Cyber Security).

More than that, your big fancy Maginot Line might not be all it appears. Attackers may well have already breached it without your knowledge (check out www.haveibeenpwned.com. Your details are probably there already). 

The question now is, when it comes to updating your Security Strategy, will you put more time and effort into more concrete for your Maginot Line? Or will you consider how and where attackers are succeeding? 

At Techware, we recommend a validated Security Architecture that lets you anticipate and identify real attacks in flight. These are the attacks that have evaded existing controls; for insider threats, that means knowing when unauthorised access is made to systems and information. It means targeting users’ behaviour which goes outside their normal pattern. And it means accurately classifying all incidents.

It doesn’t matter how well fortified your Maginot Line is. You could have underground railroads, the biggest guns on the planet, plush garrisons for the troops and the best troops available (or firewalls, intrusion detection and filtering). The French had all of these things and more, but because the focus was on the wrong place entirely, it failed. Don’t let that happen to your company’s information assets. 
