There’s a great deal of hype regarding advanced persistent threats, sophisticated attackers and the futility of trying to protect customers.
The reality? Just about all attackers can be stopped — if you put the right systems in place. There are challenges, however. First, few security programs are designed so that they’re effective at stopping a committed attacker. And, there’s a disconnect in what customers expect from security versus what systems should actually do.
In his concurrent education session titled, “Why You’re Selling Security All Wrong,” at the Channel Partners Conference & Expo, April 17-20, in Las Vegas, Ira Winkler, president of Secure Mentem, and author of “Advanced Persistent Security,” will posit that security programs should be designed to prevent attackers from getting out, not to stop them from getting in. He will present real-world case studies that show how to create the appropriate mindset within customer organizations and how to create a security program that stops even the most advanced adversaries.
In a Q&A with Channel Partners, Winkler gives a sneak peek of what he plans to share with attendees.
Channel Partners: What’s wrong with the current mindset regarding security programs?
Ira Winkler: Most people look at security not as security, but specifically as protection. A comprehensive security program requires that protection, detection and reaction must all be addressed.
CP: What’s the message that customers need to be getting and currently aren’t regarding security?
IW: Protection will fail, so detection should be in place to find those failures. Also, people seem to think there is a silver bullet. There are no silver bullets, and comprehensive programs are required.
CP: What are some of the ingredients/components of an effective security program?
IW: An effective security program begins with leadership, and specifically the documenting of policies, procedures and guidelines to define the security program. From there, you need to determine what the organization has of value, and then figure out what are the vulnerabilities associated with that value. You then go ahead and figure out the most cost-effective countermeasures to protect that value, and then determine what detection mechanisms to determine when the value is potentially being compromised. Clearly then, you need to ensure that you have an incident response program laid out in advance, and that program is periodically tested.
CP: What do you hope attendees walk away with and make use of from your session?
IW: Attendees should come away with a better understanding of the nature of the security problem, and what it takes to secure their customers’ environments. They should be able to understand what a comprehensive program looks like, and to be able to help their customers understand their true concerns, and thereby sell security solutions more effectively to improve their numbers while truly serving their customers.