
The end of ‘Detect and Protect’ cybersecurity measures

Not exactly “the end of”, more “can’t be totally reliant on”. My view is that you need a range of measures, starting with an understanding of the threats your business is facing, through establishing and refreshing appropriate security controls (like CTR, detailed below), and being able to mitigate the impact of the inevitable breaches. This is part of the toolbag…:

I became particularly passionate about the need to shift away from ‘detect and protect’ technologies after an ‘interesting experience’ a few years back. At that time, I was running one of the largest global cybersecurity practices for a major outsourcing business. I was invited to go and explain to our largest customer — a prestigious USA Fortune 30 brand — why they had suffered multiple cyber breaches over a 3-month period, despite us reassuring them that they had the best detection capability that money could buy. After listening carefully to my explanation that our cybersecurity detection-based technologies offered no absolute guarantees around breaches, a particularly eloquent board member simply said, “Dan, this best endeavour approach to detection gives us, as a business, unquantifiable business risk — that’s unacceptable to our shareholders.”

That statement haunted me, but it was a light-bulb moment when I realised that detection-based cyber defences don’t, and never will, cut it. The penny dropped for me that society needs to move beyond detection.

[…]

Content threat removal (CTR) uses a transformational approach to the problem. Digital content such as OfficeX documents, PDFs and images is intercepted at the boundary and is prevented from proceeding. This content is then transformed. During transformation, the business information is extracted from the content and the original file is discarded. After verifying its integrity, this content is then used to create a completely new file that is allowed to cross the boundary. Transforming content in this way ensures that none of the original file structure or hidden data, code or malware is ever allowed to cross the boundary.

So, the user receives a completely new document, which is identical to the naked eye, in a fraction of a second – far quicker than it takes to scan or sandbox and with the certainty that the content is threat-free.

[…]

There is still a role for detection solutions, but the industry can no longer present them as an end in themselves. Instead, collaboration between transformation and detection vendors will be critical to delivering a flawless, unfragmented cybersecurity defence.

[…]

Original article here
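
The extract, verify and rebuild flow described in the content threat removal excerpt above, as an added example that is not from the original article or from any CTR product. It assumes a constructed .docx-style package and treats "business information" as visible paragraph text only; `pack`, `extract`, `verify`, `rebuild`, `transform` and `SAMPLE` are hypothetical names.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
PKG = "http://schemas.openxmlformats.org/package/2006"
TYPES = (f'<Types xmlns="{PKG}/content-types"><Default Extension="rels" '
         'ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Override PartName="/word/document.xml" '
         'ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
RELS = (f'<Relationships xmlns="{PKG}/relationships"><Relationship Id="rId1" '
        'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" '
        'Target="word/document.xml"/></Relationships>')

def pack(parts: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()

def extract(original: bytes) -> list[str]:
    """Read only visible paragraph text (w:t); every other part is ignored."""
    with zipfile.ZipFile(io.BytesIO(original)) as z:
        part = z.read("word/document.xml")
    if b"<!DOCTYPE" in part:  # refuse DTDs and entity definitions before parsing
        raise ValueError("DTD not allowed")
    return ["".join(t.text or "" for t in p.iter(f"{{{W}}}t"))
            for p in ET.fromstring(part).iter(f"{{{W}}}p")]

def verify(paras: list[str]) -> list[str]:
    """Accept only printable text; anything else stops the transfer."""
    if not all(p.isprintable() for p in paras):
        raise ValueError("extracted content failed verification")
    return paras

def rebuild(paras: list[str]) -> bytes:
    """Create a brand-new package that holds nothing but the verified text."""
    body = "".join(f'<w:p><w:r><w:t xml:space="preserve">{escape(p)}</w:t></w:r></w:p>' for p in paras)
    doc = f'<w:document xmlns:w="{W}"><w:body>{body}</w:body></w:document>'
    return pack({"[Content_Types].xml": TYPES, "_rels/.rels": RELS, "word/document.xml": doc})

def transform(original: bytes) -> bytes:
    return rebuild(verify(extract(original)))

# Constructed sample: visible text, a hidden field code and a macro part.
SAMPLE = pack({"word/vbaProject.bin": b"constructed macro bytes", "word/document.xml":
    f'<w:document xmlns:w="{W}"><w:body><w:p><w:r><w:t>Q3 revenue: 4.2m</w:t></w:r></w:p>'
    '<w:p><w:r><w:instrText>constructed field code</w:instrText></w:r><w:r><w:t>Approved.</w:t></w:r></w:p></w:body></w:document>'})
```

No byte of the input package is copied into the output: the macro part and the field code are dropped because they were never extracted, not because anything recognised them as hostile.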

Peter Glock
Over 30 years of designing, building and managing telecoms and IT services. Primarily working with large enterprise and professional services businesses in Asia, North America, continental Europe and the UK. Information security professional, secret physics nerd.
https://brownglock.com
