Technology is Not to Blame for Security Problems

FireEye’s senior vice president and chief technology officer, Dave Merkel, recently spoke with ZDNet to highlight the human component in today’s security landscape.

Merkel talked about how even with billions being spent on endpoint security, it’s proving more and more to be a losing battle. The Mandiant M-Trend 2015 report found that while the average time from initial breach to an organization discovering that they have been breached improved from 229 days in 2013 to 205 days in 2014, it was still a significant number. He and other experts said focusing on security as a tech problem leads to bad decision making in terms of the technology selected to solve the problem.

Merkel suggested that businesses need to accept that online attacks will never stop, and they need to implement a security strategy that will enable them to manage attacks as part of their everyday business operations. “What you have to do is think about how you’re going to manage this problem that is always going to be there,” he said. “That is done through defining realistic security goals and then mapping technology, people, and processes against them.”

Merkel noted that improvements will come down to organizations adopting an adaptive defense strategy, which involves equal investments in technology, intelligence, and expertise, and using the tools to detect, prevent, analyze, and respond to attacks.

All this is not to say technology is not important, it must be there, but organizations must focus on motivating people to follow security policies as well as improving people-driven analysis of traffic patterns to achieve the security posture organizations desire.

To read the full article click here.

Related Articles