“Too much money is being spent on making noise, and not enough is spent on third-party testing, which is a far more valid use of money”, Fortinet’s Maddison continued. “The industry is marketing itself at the moment, the internet is having a tough couple of weeks”, he said, referring to Heartbleed.
Whilst Maddison claimed that the Silicon Valley is currently experiencing another dot com boom, “with investors spending money for the sake of it”, he believes that organizations are spending the right amount of money on information security, but are spending it in the wrong places.
“The key is analyzing threat intelligence”, he told Infosecurity.”There are a lot of products that do detection but what you really need is automated prevention. We build systems that don’t slow systems down.” Stopping malware, Maddison said, is more important than detecting it. “The contextual information is most important, and applying analytics to that.”
In order to secure their business most effectively, companies should “consolidate their purchased technology and use less vendors.” The industry, he said, needs to share more information. “There’s more competition around who shares and finds what rather than a focus on working together.”
Referring to the current cybercrime threats Maddison reports “the same old threat vectors, and the same old cybercrime lifecycle.” Geographically, he said the US is typically subject to primarily commercial attacks, whereas in Asia attacks tend to be political. “Europe sees a combination of the two”, he said.