
It’s about the survival of the fittest!

The Masked CISO
November 29, 2021

The Vectra Masked CISO series gives security leaders a place to expose the biggest issues in security and advise peers on how to overcome them.

I’m always asked what keeps me awake at night. Being targeted by APT groups? New ransomware strains? But if you’re worrying about being attacked as a CISO, you’re probably in the wrong line of work… It’s not our job to prevent attacks from taking place, but to catch them, stop them from escalating, and ensure infrastructure recovers. We must keep a clear head, assume we’re always being targeted, and accept we may already be breached to protect our organisation effectively.

This holds true as attackers become more organised – constantly tweaking threat vectors, studying widely-used security playbooks, or testing their attacks against ancient security tools like IDPS (intrusion detection and prevention systems). By relying on signatures to detect known threats and following the same old approaches, you’re always going to be caught out by modern attackers, who already have the tools to bypass these dated defenses.

But I still see 90% of CISOs today are “playing it safe”, clinging to old playbooks and legacy tools like IDPS. Perhaps it ticks a box for them by filling a control gap, or maybe the board is tired of security asking for new products, or these tools are just seen as “tried and tested”. The inconvenient truth is that we can’t rest on our laurels in security, or we’ll be completely exposed to attacks like Sunburst and Colonial Pipeline. And the reality is there is plenty of innovation happening and alternative options out there from smaller players.

The old ways aren’t working, so CISOs must be brave, throwing their playbook aside and stripping out dead weight. It’s not about toys for the boys anymore. We need to be honest with ourselves and the board here, explaining these methods have served their purpose well for a time. The landscape has changed, and we need a new threat-led security model that puts the security posture of data first.

But, to get the buy-in needed for threat-led security, you must separate the wheat from the chaff. This means replacing legacy tools with solutions that fit better with data-centric security models to give you better value for money overall. For example, a signature-based system that throws up thousands of contextless alerts can be replaced with a solution using AI and Machine Learning to spot only the riskiest behaviours and flag them up to teams.

As high-profile breaches continue, it’s only a matter of time until the board realises your trusty playbook is not working. It’s time to change your approach, use the innovation already out there today and keep your organisation safe.

This blog originally appeared in The Register.
