Managed Detection and Response: The new Security Strategy

Just last month, we celebrated the 75th anniversary of D-Day. This historic occasion, which brought about the end of World War Two, also brings to mind one of history’s most ignominious failures: the Maginot Line. After investing millions in extensive fortifications, the French discovered that building thicker walls is no defence if the gate is left wide open.

The same can be said for information security. To date, the perimeter has been built up like the Maginot Line. It’s practically impenetrable. And yet, data security breaches regularly make the news. 

In post-World War One France, the thinking went that putting a massive barrier between itself and Germany would deter invasion. At the very least, it would give the French sufficient time to mobilise should things once again get iffy between the two nations.

Thing is, things did indeed get iffy, with hostilities between the two nations firing up again by 1939. Ignoring the Maginot Line completely, the Nazis took a short cut through Belgium and the Netherlands. The rest, as they say, is history.

While it didn’t quite serve its purpose in the day, the Maginot Line does serve as a useful metaphor for a crucial issue facing information security today.

For starters, the term ‘Maginot Line’ is sometimes used to describe a defensive barrier or strategy which inspires a false sense of security.

Just like France, defenders these days are spending all their time and effort on keeping invaders out by focusing on a barrier between them and us. But a proper defensive strategy, or defence in depth, depends on a lot more than just a barrier.

After all, a great, big gnarly Maginot Line isn’t exactly a secret. Your attackers know it is there. Throwing a few more bricks on the top just isn’t going to make anything more secure.


Then, you need to consider the other methods and means of ingress attackers might take, such as a slight adjustment in where and how they attack. Blitzkrieg took the French, and indeed most of the Allied powers, by surprise because, after Versailles, they were conditioned for the attrition of trench warfare.

Identifying and managing the internal threat

Today, half or more of security breaches can be traced to your own employees. Attackers don’t have to grind themselves down trying to sneak past your magnificent Maginot Line if they can get someone to open the gates for them.

See where we’re going with this?

You should, because your employees are the vector through which half or more of the successful attacks on your business are likely to come (check out our eBook on this topic; it explains our Security Framework and shows the re-imagination of Cyber Security).

More than that, your big fancy Maginot Line might not be all it appears. Attackers may well have already breached it without your knowledge (check out “Your details are probably there already”).

The question now is, when it comes to updating your Security Strategy, will you put more time and effort into more concrete for your Maginot Line? Or will you consider how and where attackers are succeeding?

At Techware, we recommend a validated Security Architecture that lets you anticipate and identify real attacks in flight. These are the attacks that have evaded existing controls; for insider threats, that means knowing when unauthorised access is made to systems and information. It means targeting user behaviour that falls outside the normal pattern. And it means accurately classifying all incidents.

It doesn’t matter how well fortified your Maginot Line is. You could have underground railroads, the biggest guns on the planet, plush garrisons for the troops and the best troops available (or firewalls, intrusion detection and filtering). The French had all of these things and more, but because the focus was on the wrong place entirely, it failed. Don’t let that happen to your company’s information assets.