Detect and react is the new prevention, say infosec professionals

In a session titled ‘Data Integrity Debate’, held September 20th, at the first (ISC)2 congress, collocated with ASIS 2011, John Petrie, CISO, Heartland Clark; Preston Wood, CSO, Zion Bank; and Pam Fusco, principal, Booz Allen Hamilton, defied the session’s promise of debate by agreeing unanimously that security professionals should start concentrating on detection and response as opposed to prevention.

“You can’t prevent a phishing attack from happening, so you instead need to focus on responding in a pro-active manner”, Wood said.

Both Petrie and Wood agreed that the greatest challenge information security professionals face today from a data perspective is the amount of data that we generate. “We are simply generating too much data, which fraudsters understand the value of”, Wood explained. “The general public aren’t taking precautions to deal with this new-age [information] threat. It’s beyond the ability of infosecurity experts and the vendors who create the solutions to block and prevent every attack. We need to think about risk assessment, and we need a paradigm shift to focus on rapid detection and response.”

Petrie agreed that he wanted to make that shift on behalf of his organisation, Heartland Clark, but would do so at a slower pace than Wood. He cited a “finite amount of money” as the reason, and explained that security was allocated 8-12% of the total IT budget.

Wood explained that the first step to securing your business’ data is understanding it. “Look at what data you have in your environment. What decisions can you make with that? Analyse and use your data to help you make better decisions”, he advised. “The criminals and threats are moving faster than the information security industry. Analyse your data to get ahead of the threat”.

Both Petrie and Wood agreed that data analytics are key, and discussed the skill sets an information security professional needs to succeed in such a task. “We need data scientists”, asserted Wood. “Someone that can script, someone familiar with data analytics, someone who can code and pull data together. That’s the holy grail, but there are not many out there”. At the very minimum, he said, “the job requires SQL skills and someone who understands database admin. An understanding of the business is also essential. Technical tunnel vision doesn’t help”.

Fusco concluded the session by summarising that “everything is evolving. We can’t set [automated] thresholds anymore – we need to analyse the data to know what is happening”. She finished by sharing her “personal motto” with the audience: “always use protection”, she joked.
