The Case for Breach Response
Lancope's Tom Cross: Breach Prevention No Longer Effective
The fundamental issue, Cross says, is that many of today's advanced attacks simply cannot be stopped.
"In the past few years, we have experienced a lot more sophisticated, targeted attack activity that is a lot more difficult to mitigate through some of those preventive measures," Cross says.
Organizations now see attackers exploiting security vulnerabilities that will not be patched anytime soon. And intruders now evade off-the-shelf security products, such as intrusion prevention and anti-virus systems.
"When you look at these incidents, you get to the point where [you realize] there really wasn't a business process you could have put in place that would have prevented this attacker from being successful at compromising your network," Cross says. "And you've got to ask 'What do I do now? Where do I go from here?' I think incident response is becoming more central as a part of how we defend our networks."
In an interview with Information Security Media Group at the Gartner Security & Risk Management Summit 2013, Cross discusses:
- The shifting landscape of perimeter security;
- How to approach breach response;
- How to improve endpoint and server visibility.
Cross is director of security research at Lancope, where he works on network anomaly detection with NetFlow. He is credited with discovering a number of critical security vulnerabilities in enterprise-class software and has written papers on security issues in Internet routers, securing wireless LANs and protecting Wikipedia from vandalism. Cross was previously manager of the X-Force Advanced Research team, where he focused on advancing network intrusion prevention technologies.