There is a lot of talk about shifting the information security posture from a focus on prevention to greater emphasis on detection and response. In a world where you assume everyone is breached, the logical strategy involves rapid identification and containment. It doesn’t mean you stop patching vulnerabilities. It does mean that organizations need new tools, processes and, in many cases, people.
What needs to change for information security to better meet the reality on the ground? To answer this question, we can borrow a famous NASA framework to rethink what it means to have an emphasis on detection and response and how new analytics approaches can facilitate the transition.
- Vulnerabilities – Known Knowns
- Threats – Unknown Unknowns
- Breaches – Unknown Knowns