Basing safety on a preventive approach: from myth to reality



Until a few years ago, relying on prevention to ensure infrastructure security was a fantasy. Endpoint protection was essentially based on matching the signature of a piece of malware against the data held by the security systems. This method, which required a prior analysis of the suspicious file, gave the malware the opportunity to spread even before it was categorized as malicious. Other approaches involved sending an astronomical amount of data to the cloud for analysis, causing significant latency between infection and detection. While these solutions provide a first level of defense, they are mainly based on purely reactive approaches. It was in 2012 that things really started to change: detecting unknown threats to systems, offline and even before their activation, became possible, in particular thanks to the integration of AI and Machine Learning into endpoint security strategies. Called prevention-first, this approach is not only practical but also proven. Despite this, many companies still remain focused on a reactive approach to cybersecurity.

Multiplying layers of security is not a miracle solution

Every day, more than 350,000 new malware samples (and their variants) are released, and hackers are constantly looking for new loopholes to counter traditional multi-layered security measures (Defense-in-Depth). Although this approach, which advocates implementing security controls for each type of threat, is concrete, it nevertheless forces IT teams to set up multi-layered, multi-vendor security infrastructures that are inefficient and quickly become obsolete. As each of the layers tends to generate very frequent alerts with an often high error rate, it has become difficult, if not impossible, for IT teams to distinguish the real threats from the general noise.

Consequence: decision-making and the implementation of corrective measures are lengthened or even hindered, and it becomes difficult to contain the threat. In addition, Capgemini finds that 56% of IT managers are overwhelmed by the volumes of data coming from endpoints and the cloud, and according to Cisco 48% of security alerts are not even analyzed. As a result, and according to IBM, a large portion of contemporary businesses would not be prepared to respond effectively to a major security incident. In 2019, it took organizations an average of 315 days to identify and contain a data breach caused by a malicious attack. But reducing this response time is not only essential for operational resilience, it is also beneficial from a financial point of view: the faster companies resolve this type of incident, the more money they save.

The “All Hands on Deck” Method Is Far From Sufficient to Maximize Security

The challenges facing businesses are compounded by a global skills shortage in IT security. More than four million positions remain vacant to date, and the professionals in post are exhausted. Jon Oltsik, Senior Principal Analyst at ESG, rightly said that “the cybersecurity talent shortage should be seen as a real threat and not a minor problem, especially in a world that relies on digital transformation and within which IoT and smart infrastructures are democratizing”. The sector must encourage young talent to get into the security field, but also allow more experienced professionals to acquire new skills throughout their careers. Obviously, strengthening the workforce cannot, on its own, solve the problems we face today. Hackers are always looking for new ways or loopholes to break through defenses, and there will never be enough experienced security professionals to tackle them all. This is why companies today need protection systems dedicated to endpoints: on the one hand, to automatically detect and stop attacks, and on the other hand, to allow security teams to focus on business continuity, digital transformation and projects dedicated to the company’s cyber-resilience. To this end, decision-makers must adopt a proactive unified endpoint security (UES) strategy based on Artificial Intelligence, Machine Learning and automation.

The smooth transition to prevention

A security strategy focused on prevention aims to neutralize malware even before it is activated. If malware cannot execute, the downstream consequences and the resulting efforts to trace, contain and repair the damage are greatly reduced. The security layers can then be simplified or reduced in number, at the same time lightening the administrative burden on the dedicated teams, already very busy with alerts from dozens of solutions. By stopping malware the moment it enters the environment, security solutions help improve the resilience of businesses, reduce the complexity of their infrastructure, and streamline their security. A truly effective and responsible approach to cybersecurity undeniably relies on prevention. Companies must therefore put in place real dedicated strategies, both to ensure their security and the continuity of their activities.