Question: What is the difference between security and resilience?
Vectra CTO Team, Technical Director, Tim Wade: In fact, enterprise security is emphasizing prevention Measures as a defensive measure. Often, far beyond the point of diminishing returns, we overinvest in such measures. Such emphasis raises the “advocate dilemma”: The attacker needs to be right only once, but the defender needs to be right every time. This is mostly correct in a precautionary manner, but unfortunately the slow-motion train wreck in the ransomware campaign after the ransomware campaign shows that everything is going well.
Modern focus ResilienceOn the other hand, even if the focus shifts to eliminating the expected impact of the entire attack chain, we will not lose sight of the enemy’s first compromise. Resilience-based security goals are not overly reliant on preventative controls, but rather a complete suite of available security controls, the effort that an attacker must invest to proceed with an attack. It disproportionately increases the cost of materials and time and reduces its potential. Such an attack ends in serious confusion.
A resilient security architecture is one in which the defender maintains visibility across the enterprise. Attacks are detected, contained, and eliminated early before the attacker achieves his or her objectives. Recovery from accidental damage is quick. This is a generally cost-effective approach that is adaptable to today’s enterprise dynamic business factors (eg digital and cloud transformations). Effective visibility, detection, and response are all hallmarks of resilience and are the most likely approaches to better manage enterprise risk in a world where boundaries, mobile assets are disappearing, and cloud adoption is accelerating. ..
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breaches, and new trends. Delivered daily or weekly to your email inbox.
What is the difference between security and resilience?
https://www.darkreading.com/edge-ask-the-experts/what-is-the-difference-between-security-and-resilience- What is the difference between security and resilience?