Let’s Look at Prevention vs. Detection in Light of the Global Cyber Skills Shortage

At Palo Alto Networks, our view is that by architecting for prevention, organizations and governments have a much greater advantage in cybersecurity than with a detection-based approach. That’s important not only from a technology perspective but also based on the current state of skilled cybersecurity workers.

Advanced persistent threats have proven too sophisticated for legacy security solutions. Taking a prevention approach means that security products must be able to identify both known and unknown threats and stop them in real time. The product itself distinguishes malicious activity from benign activity, blocks the former, and delivers a prevention notification to the security team after the fact.

Security products that take a detection-based approach, on the other hand, generate an alert that malicious activity is currently happening and leave the response to people. This shifts the load considerably: the product does less, and much more is required manually of the security team.

Alerts require management. For each one, the security team has to judge its severity and decide how much response it warrants. That decision is far from trivial and requires both experience and talent, so a skilled team of security analysts is a prerequisite for a detection-based approach to work properly.

The problem is the severe shortage of such a trained workforce. The ISACA 2015 Global Cybersecurity Status Report, which surveyed more than 3,400 ISACA members, found:

“…Close to half (46 percent) of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today. Yet an alarming 86 percent say there is a global shortage of skilled cybersecurity professionals and only 38 percent feel prepared to fend off a sophisticated attack.”

These are highly skilled workers we’re talking about. Here’s a look at a description of one of the hundreds of open security analyst positions out there:

“A skilled and trained security analyst is an individual experienced in computer intrusion analysis and incident response, intrusion detection, computer network surveillance/monitoring and network reconnaissance. Has knowledge and understanding of network protocols, network devices, multiple operating systems, and secure architectures. Knows his way around computer evidence seizure, computer forensic analysis, data recovery and computer network forensics.”

The workforce required to run a detection-based approach securely is costly and hard to find. Because these workers are so scarce, no security team can expect to have its best professionals working every shift, all the time.

Advanced persistent threats are so named because they are indeed persistent. Sooner or later a less-skilled analyst on the team will be on shift and will misinterpret an alert, and a persistent attacker needs only one such miss.

Prevention-based approaches help ease some of that skills shortage. A security team running a prevention approach does not spend most of its time deciding whether a given activity is malicious. More of that decision-making happens in the security platform, which is integrated and automated, and the team becomes engaged only after the malicious activity has been terminated. The skills needed to manage such a system are far more common than those of the security analyst described above, so prevention solutions ease the burden of the skills shortage much more effectively than detection solutions can.

Palo Alto Networks' natively integrated platform brings network, cloud and endpoint security into a common architecture, implementing fully proactive, automated prevention.

Learn more about the Palo Alto Networks automated prevention security platform here.
