The assumption that the attacker is already inside--or soon will be--is the new mindset in the security industry. It represents a gradual but significant shift in an industry that has been built on a defensive strategy of firewalls, antivirus apps, and other tools. There's a growing sense of fatalism: It's no longer a matter of if or when you get hacked--the assumption is that you've already been hacked, and the focus is on minimizing the damage.
The new appliance demonstrated at RSA is an example of this approach to security. The view comes from resignation that the bad guys are getting in even with your defenses in place, security experts say.
"The dirty little secret in our industry is that everyone has been compromised," says Darin Anderson, U.S. country manager for Norman Data Defense Systems.
Kevin Mandia, founder and CEO of Mandiant, echoed the same sentiment at the recent B-Sides Conference in San Francisco. "I believe security breaches are inevitable," he said. "We're always trying to dumb down security, but we need to scale our experts, and we need software that scales" with experts and is more than just blinking red or green lights, he said. Visibility into what's going on in your network is key, he added.
This philosophical shift toward nearly everyone--not just high-profile government agencies or corporations--accepting breaches as a fact of life is a result of the increase in successful and hard-to-kill advanced targeted attacks, most of which come from nation-state adversaries hungry for intellectual property and other competitive intelligence. These attacks, which were once the bane of primarily the military and defense industrial base, are now spreading to all corners of the commercial world. They're even hitting smaller but just as lucrative targets such as law firms.
Preventing these attacks--which typically originate from phishing attacks on users who fall for a lure--is difficult. And the high-profile hacktivist-driven attacks from Anonymous demonstrated that when determined attackers want to get in, DDoS you, or "dox" you for hacktivist purposes, they will likely find a way to shame your organization.