Many of the problems that information security professionals face today are ones they grappled with years ago. Although the threat landscape continues to evolve, the obstacles tied to protecting endpoints, managing privileged accounts, and remediating vulnerabilities have, for the most part, not changed much.
Threat actors are evolving their tactics, honing their capabilities, and at times communicating with one another to achieve a successful outcome, whatever their end goal. So how can the security warrior of today take on these ever-present challenges while staying abreast of looming threats? It’s really about striking a balance between prevention and detection, according to Israel Barak, CISO at Cybereason.
“A lot of organizations still focus most of their security strategy on trying to prevent threats from going into their network,” he told InfoSec Insider during a recent interview. “As opposed to realizing that prevention has its place in the security stack, but certain threats will find their way. A significant investment is needed in building a detection-oriented strategy.”
In the full video interview below, Barak further discusses the approach that far too many businesses take to their security strategy, and highlights the steps security professionals should take to rethink their programs and the challenges they face in measurably reducing risk within the business.