With cybercrime notoriously growing, paying someone to install security software is not enough. We are finding vulnerabilities and weaknesses in systems that have expensive stacks and a large IT staff. For example, if an organization's IT department decides to block all downloads because downloading is an entry point for malware, it shows that the organization misunderstands cyber security. Before fallacious arguments start getting thrown around, a misunderstanding of security is the number one weakness when it comes to protecting a system.
Definition of Weakness:
“‘Weaknesses’ are flaws, faults, bugs, or other errors in software or hardware implementation, code, design, or architecture that if left unaddressed could result in systems, networks, or hardware being vulnerable to attack,” according to https://cwe.mitre.org/about/index.html.
To conclude the weakness portion: if a system's architecture is itself flawed, its implementation cannot avoid being flawed as well.
As for needlessly expensive yet ineffective stacks with vulnerabilities, this might be the biggest eye-opener for most readers. That is, cost should never be the first factor when it comes to cyber security. For example, “SentinelOne leads in the latest MITRE ATT&CK Evaluation with 100% prevention.” Without getting too technical, “SentinelOne delivered the fastest protection. With its real-time protection, Singularity XDR provided the MITRE ATT&CK Evaluation with the least amount of permitted actions in the kill-chain for attackers to do damage.” Turning to the Adidas-versus-Nike analogy, preference might not be a factor. After all, if there is only one product that works the best, then there is only one option, right? (The answer is always yes.)
This blog is not marketing for SentinelOne. It is to show an example of how around 30 organizations competed with SentinelOne in the MITRE Engenuity ATT&CK® 4th Evaluation, and none of them were able to match its results across the board. Furthermore, SentinelOne currently (circa 2022) does not have the largest market share in endpoint protection. Yet, it is the best. With that said, SentinelOne does not protect everything, so it is essential to understand that a secure stack must cover all 360 degrees of an organization's information systems.
There are other security products that do not focus on endpoint protection, such as Area 1 Security.
All of these products deserve features in their own right, and many other security products not mentioned here deserve as much or more praise than those above; the products mentioned above were chosen for their results against today's most common threat vectors.
If we had left out email security, this blog would be worthless today. Obviously, there is nothing wrong with sending information through email (especially when encrypted at rest, in transit, per session, etc.). Precisely because ordinary email traffic is legitimate, endpoint detection and protection, SOCs, NOCs, and the like will more than likely not detect Business Email Compromise (advanced phishing) on their own. According to Area 1 Security (and Cloudflare, of course), among others, Area 1's detection efficacy for malicious email is “99.997%.” A product that cannot achieve an equal percentage of detection should not be compared.
Cyber security and cybercrime are continuously changing. Because of that, the best security products for their respective markets today might not fare so well tomorrow. Managers who are responsible for securing information systems must know the intricacies of their security products when choosing to implement a stack. A single unaddressed vulnerability or weakness is enough for an attacker to penetrate the system. Moreover, hardening an endpoint, however thoroughly, will not protect a website against cross-site scripting (XSS), for example.
In conclusion, security decisions must be made based on product results and nothing else. (Everything else is a compromise.)
Please feel free to contact us if you need assistance building a secure stack for your business.
References
https://cwe.mitre.org/about/index.html
https://www.sentinelone.com/lp/mitre/
https://www.sentinelone.com/blog/our-take-sentinelones-2022-mitre-attck-evaluation-results/