L A Y E R E D H Y B R I D S E C U R I T Y
Why is security failing?
Most organizations have security controls in place such as antivirus, next generation antivirus, host intrusion prevention and data loss prevention which use a NEGATIVE security model.
Unfortunately, negative security comes up short when it comes to the constantly evolving tactics of these cyber-criminals. Security that solely focus on detecting bad will continue to face the consequences of compromise. Detecting bad is the first line of defense, it shouldn’t be the only strategy. Positive security on the other hand offers a much higher level of security because it only allows what we know is good.
Change the approach
Detection alone as a strategy is failing. The attack vectors are infinite and constantly evolving, keeping up with them is a losing battle. Doing the same thing over and over again is not going to change the outcome.
Positive Security models use whitelisting, they are too complex and time consuming to manage and are really not suitable for today’s dynamic environments where there’s lots of change. For these reasons, most organizations have avoided the Positive Security model to protect their assets.
We at Cyfyx believe that you need a layered approach to better protect your endpoints. In addition to the Negative Security model that most organizations use, we recommend that you implement a Positive Security model alongside, but one that uses a zero-trust framework and does not require heavy lifting.
A better Approach
We have to come to grips with the world we live in. Compromise is inevitable, but the consequences don’t have to be.
Endpoint Detection and Response (EDR) has been a huge tool when it comes to end point protection, but when it’s reliant on an extensive security team to utilize it, it can be a lot for a business to handle.
A better approach is to implement a multilayered strategy with the same goal but using opposing methods to prevent a security breach. The negative security identifies what is known bad or tries to identify what could be bad using big data and machine learning and if something new that cannot be identified does get through the positive security model takes over to blocks the unknown from execution.
