Why The Detection-First Security Approach Isn't Working

vtqhtr413

Level 26
Thread author
Verified
Top Poster
Well-known
Aug 17, 2017
1,449
Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly than organizations can update their protections. Relying on malware signatures and blocklists against these rapidly changing attacks has become futile. As a result, the SOC toolkit now largely revolves around threat detection and investigation. If an attacker can bypass your initial blocks, you expect your tools to pick them up at some point in the attack chain. Every organization's digital architecture is now seeded with security controls that log anything potentially malicious. Security analysts pore through these logs and determine what to investigate further. Does this work? Let's look at the numbers:
 

MuzzMelbourne

Level 15
Verified
Top Poster
Well-known
Mar 13, 2022
599
... threat actors can develop new and evasive malware more quickly than organizations can update their protections...

Developers are always going to be using the 'whack-a-mole' approach to security. To do otherwise would not be cost-effective, either financially or in system overhead terms.

$172 billion sounds like a lot, but my government just spent $500 billion for 3 submarines, so some perspective is required here.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,094
