The next Hollywood blockbuster will not be about efficiently managing your security resources!
Ok, I am almost 100% sure that the following words have never been uttered in a Hollywood pitch meeting:
“Studio Head: Upcoming summer tent-poles, any ideas?
Screenwriter: You know what would be great – is if we had this team of highly skilled IT security experts who defend their company’s information infrastructure by developing a well researched , efficient strategy to manage, mitigate, and minimize risk!”
Building a secure IT infrastructure isn’t the sexiest concept out there. Hacking, on the other hand is usually at the center of attention when it comes to media coverage and has even been fodder for numerous Hollywood blockbusters and TV shows.
Turn on the news on a given day and you are bound to find another high-profile victim of hacking. Now ask yourself, where are all the stories that focus on the countless work that goes into protecting a company’s most valuable asset – its information?
Joshua Goldfarb, CTO – Emerging Technologies at FireEye, explains why “Hacking Is Sexy, But Defending is the Grown-up Thing to Do” in his article posted on SecurityWeek.com.
In the article he poses the question: “Where are the conferences that exhibit, discuss, and celebrate the defender?”
He suggests that the stage should be opened up to defenders and others that have taken work from the research community and successfully applied their findings to their operational environments.
It’s no surprise that, after a threat has been revealed, there tends to be a knee jerk reaction from top executives to try to put measures in place to counteract future attacks. However, little is done to pre-emptively defend against attacks in the first place.
Focusing valuable resources on the most value-added activities is also a key component to a sound defensive strategy. Determining which security solutions can help organizations invest precious and limited resources more wisely towards mitigating risk is certainly a key factor in a well developed defensive strategy. This, in turn, improves efficiency by reducing time and money wasted on activities and tasks that have little to no value-add when it comes to reducing overall risk to the organization.
Goldfarb concludes that “As a security community, if we work to build bridges between researchers and defenders, we can help apply important knowledge to real operational problems. This, in turn, will greatly aid us as a community in improving the security postures of our organizations.”
CSP is pioneering the future of security automation with the launch of our brand new Protect-X automated hardening solution, which will harden your Non-Stop and Linux systems and also help manage security resources more efficiently.
To learn more about our Protect-X solution please click here.