Last week marked the end of the 2016 Summer Olympics and this year we witnessed several impressive moments. The image of Usain Bolt, giant smile and legs a-blur, is hard to forget. But equally memorable are the times that team efforts outshone those of any individual. This concept of building a cohesive, top-performing team that is more than the sum of its parts is echoed in an emerging security trend: the new cybersecurity stack.
Like the Olympics, the security industry is a highly-visible playing field, with all the fanfare and expectations and often failed dreams. Security hopes are pinned on New Gen "superstars" that are highly hyped yet don’t deliver the promised gold. However, the failure isn’t necessarily the product, but the expectation that one solution can keep endpoints secure.
Cybersecurity is best approached in a multi-tier, targeted strategy. A great team consists of focused and dedicated members -- each best in one's area -- like the U.S. women’s successful "Final Five" gymnastics team set-up. In the same vein, a cybersecurity stack prepares the enterprise by building a "team" of expert products, each complementing and augmenting the other.Going beyond AV
The 2016 Ponemon Cost of Data Breach Study found that the average cost of a data breach is now $4 million, up 29 percent since 2013. Endpoints are the first line of cyber defense and the place most often compromised. At a minimum, an optimal endpoint stack should start with effective and efficient prevention. This cannot be anti-virus alone.
Even the most sophisticated "next-gen" anti-virus must decide whether to allow or block a file, and therefore is necessarily limited to its detection logic -- whether that be based on heuristics, signatures, reputation lists or machine learning. They also do not prevent file-less intrusions.
However, AV is still the most efficient prevention for common malware and should not be simply discarded.What’s the "winning" stack?
To build the ideal security "team", augment AV with new memory protection and exploit prevention technologies. For example, Moving Target Defense uses counter-deception techniques to change the attack surface -- in memory in particular -- so that attackers can’t find their target. This method has proven to be very effective against advanced and targeted attacks, complementing anti-virus prevention.
Other components should be added according to unmet risk mitigation needs, with the goal of bringing the widest range of protection with the least cost and business disruption. A key factor in evaluating every component is that it works well with the other elements in your stack, building on strengths and shoring up weaknesses. Businesses that experience numerous attacks may want to add EDR and sandboxing techniques, especially given that malware is most likely already in their network.
With such a lean, effective prevention stack companies could possibly do away with HIPS, personal FW, tedious repetitive patching prompted by new vulnerabilities and other techniques that make their "team" bloated and costlier without adding to security efficacy.
By balancing traditional and innovative approaches while focusing on the optimum (rather than the maximum) complementing technologies, organizations build a highly effective security stack -- one that can bring in the security gold medal in this competitive, hyped and oftentimes challenging industry.
Ronen Yehoshua is the Co-founder and CEO of Morphisec with more than 20 year of technology management and venture capital experience. Prior to Morphisec, Ronen was a partner at Cedar Fund, an international venture capital firm with over $325M under management. In this strategic, hands-on role, he lead investments and resided on the boards of several companies in seed and growth stages.