We live in a world where we expect, no, demand, things to happen instantly. Sending an e-mail, waiting for a web page to load, booking an online shopping delivery slot or awaiting an order confirmation. Whatever we’re doing we want to see results now, now, now! So why then do we tolerate delays and latency with our security systems?
When we read coverage of data breaches or malware attacks, we only learn that an event has happened once the perpetrator has left the building. Gone. Vanished. Vamoose. Leaving the organisation with a lot of questions, no answers and a set of very angry stakeholders.
I really don’t see how this aligns with messages pushed into the marketing of ‘360 degree’ or ‘holistic view’ of the security/vulnerability environment. Of course companies should have these insights, but they can only achieve what the technology empowers them to. Any lag in security creates an opportunity for someone with malicious intent, or someone who doesn’t know better, to do a lot of damage.
Let’s put this into some sort of perspective. On the web, a lot can happen in a very short space of time. For example, in the time it took Usain Bolt to run his world record time of 9.58s for the 100 metres, 59 new websites are created, 1,148 searches take place on LinkedIn, 550,000 pieces of content are shared on Facebook and 208,738 searches take place on Google. In short, a lot happens in the space of ten seconds.
And the same is true in the world of cybercrime. In less than ten seconds, an employee can unwittingly open a seemingly innocent e-mail and a virus can start to spread its tentacles and take hold within the corporate network, stealthily awaiting its activation once it is sure it hasn’t been detected. This isn’t scaremongering. This is fact. Security defences are battered every single day and the world in which businesses operate is far from static. It is fast paced and responsive. So why isn’t their approach to security?
There is a lot of talk about real-time security, but when we scratch at the surface, real-time can be interpreted differently by different people. For example, a lot of filtering technologies say that they adopt this approach and yet in actual fact they manage emerging threats, such as anonymous proxies, using a database. The result is that it can take up to 24 hours – or more – for this hole to be plugged.
So let’s face facts. The majority of technologies designed to protect companies are, in actual fact, outmoded because they are being outpaced by cyber criminals. If they were in real-time, you’d be able to see an event when it was happening.
Not being alerted to a breach until potentially weeks later, when the damage has been done, leaves you to guess at exactly what has been pilfered, what has been rifled through and what has been left untouched. Technologies that operate retrospectively create a chasm that is open to exploitation. Let’s be honest, we don’t need any more. We need to redefine what real-time means and apply it with vigour, rather than half-heartedly.