Continuing the “Logs are Yesterday’s News” Discussion




We sincerely appreciate people reading the blogs we produce, and recently we had some great feedback on our post about logs. The strong reaction I've seen (and keep it coming!) shows there is a place for log collection and SIEM correlation in defending against well-resourced adversaries with time on their hands. The feedback also carried the idea that prevention, detection and response are all equally important.

This is a great discussion, and I believe it is central to why we currently pursue attackers after they get into our environment instead of preventing access in the first place. I honestly believe prevention is more important than detection and remediation. As a cybersecurity community, our lack of innovation in prevention led to the situation we find ourselves in today: chasing attackers and turning up details only after the damage has been done. I realize that emphasizing prevention over detection and remediation is not popular, and I am not saying that detection and response aren't important. But the limits of prevention bleed over into boardrooms, where companies react by creating disjointed, labor-intensive technology efforts that do not scale. This approach is not only lopsided; it also prompts decisions driven by fear, uncertainty and doubt.

An innovative prevention approach accomplishes the following:

  • It moves prevention as far forward in the attacker's kill chain as possible.
  • It takes the zero-day advantage away from attackers, so that unknown threats are prevented as well as known ones.
  • It stops attackers cold before malware can be installed on endpoints.

Here's the good news: this can be done. It isn't going to get any easier, but the time for change and for thinking differently is now. There is a place for SIEM, but as cybersecurity professionals we need to make sure we work to prevent crime scenes rather than only describe them.

Palo Alto Networks has a new way to provide prevention that goes well beyond the NGFW. Spend some time talking with our team and learn how our enterprise security platform puts prevention back on the map. What we're doing will help IT and cybersecurity professionals in some innovative ways. So think differently, be excellent and be bold. We can help you.

1 Reader Comment

  1. I don’t like the fact that so much prevention emphasis is placed on zero days. Very few successful breaches are the result of genuine zero days. There are so many other methods that it’s extremely unlikely your security is so good that an attacker would have to resort to creating a zero day just for you. Defending against zero days should be one of your last priorities. Unless your security is perfect, or near perfect, you have many other things you should be focusing your time on.
