Workload and Application Security Blog

Stop the Insanity: The Cybersecurity Industry Must Do Better

Written by Dave Furneaux | Mar 22, 2022 4:00:00 PM

The cybersecurity industry as a whole has taken on the persona of the pushy car salesman promoting the safest, fastest, most efficient, easiest, or ‘all of the above’ solution. Silver bullet solutions that promise complete protection and ‘no data breaches’ fall short. That is not to say there haven’t been advancements to stop cyber-attacks, but most have been iterations of solutions that have proven to be only incrementally better. 

How can we keep approaching security the same way and expect different results? I am saying it: The current state of the cybersecurity industry is insane and the only way to change it is to take a completely different approach to the challenge. 

How did we end up in this cycle of headline-making cyber-attacks?  

The world is built on software. As we’ve made advancements in how we live, buy household goods, and work, the amazing tools that we use to get those things done more easily and quickly have exploded. Personal information, payment details, you name it, are found within tens, if not hundreds, of applications.

Then came the COVID-19 pandemic, which shifted workers to remote roles. Everything we did happened online, opening more doors and providing the potential for even more upside for attackers. An explosion in ransomware and supply chain attacks followed. Specifically designed to take advantage of hyperconnectivity and application vulnerabilities as gateways to bypass traditional defenses, these attacks take control of software and launch malicious activity in a matter of seconds.

Navigating the shift in thinking that is required to stop threats  

Despite prioritizing security and investing in upgrades, CISOs and organizations are falling further behind. Endpoint detection and response (EDR) tools and endpoint protection platforms (EPP) focus on collecting and analyzing endpoint activity and data to identify potential threats, contain the threat, and notify personnel. This cycle relies heavily on known threats and personnel to address and investigate attacks.

Some tools utilize probabilistic methods to determine malicious activity based on machine learning and algorithms. However, results are often laden with false positives, and these tools trigger after an event so dwell time is lengthy. One major EDR vendor touts dwell time of less than 36 minutes, but we already know milliseconds matter. 

Not to mention, we have a major shortage of cybersecurity talent in the US and around the globe. EDR and EPP solutions require continuous human intervention to deal with tuning, updating, learning, noise reduction and maintenance. Clearly this is tedious and impractical, particularly when currently 61% of IT security professionals say their teams are understaffed.  

What you can do to approach security differently and demand better from the industry 

For years, the cybersecurity industry has subscribed to the paradigm of detect, respond, and remediate. This model attempts to follow the attacker and react to various malicious activities, using that knowledge to predict what may happen in the future. Given the continued onslaught of attacks, this approach is clearly flawed. We should all be demanding better.

Applying first principles to the challenge of cybersecurity, Virsec revealed that the primary battleground of cyber-attacks is software code and its underlying vulnerabilities. By following the code and not the attacker, Virsec concluded the breakthrough to solving the security problem is to protect software from the inside out.  

Virsec’s Deterministic Protection Platform (DPP) completely disrupts conventional approaches by fully mapping and understanding what your software is predetermined to do (the developer’s intent), and immediately stopping what it is not – before damage can be done. It’s the only approach that eradicates even the most dangerous threats—known and unknown—in real-time, before any damage is done. 

No matter the type of application, environment, or attack method employed, DPP ensures full-stack software protection continuously while it is running, wherever it is running. DPP detects attacks that attempt to bypass conventional tools and blocks adversaries before they can exploit a software vulnerability to gain a foothold. With true protection and runtime observability, it instantly reduces adversary dwell time to milliseconds or less, so threat actors never have a chance to install malware or exfiltrate data.  

Let’s stop the insanity by demanding better. Learn how Virsec VSP delivers better.