From Threat Detection to Information Protection

Driven by the age-old lure of easy money, many of today’s criminals are using high-tech cyber attacks to commit identity theft and financial fraud to line their pockets.
The technological capability of malware developers has grown to the point where malware can be effectively used to steal information from infected computers. Targeted attacks and social engineering are being used in conjunction with advanced malware to compromise computers at homes and offices around the world, enabling these high-tech versions of well-known crimes.
Malware can be loosely defined as any software program that is not operating in direct or indirect support of the intended mission of the computing system on which it runs. Certain forms of malware known as keystroke loggers, screen-scrapers and session recorders are able to capture operator input and system data and deliver them to some other computer over the Internet, where valuable personal or company information can be harvested from the vast fields of captured data.


Today’s attacks usually begin with technically or socially clever schemes that compromise computers with malware. In simple terms, compromised computers spell T-R-O-U-B-L-E. Keeping network-attached computers safe from compromise is a significant part of the chief security officer’s and chief information officer’s job. From a technology perspective, most experts agree that protecting computers from compromise requires both computer-based and network-based measures. Host-based software such as personal firewalls and anti-malware software is a necessary part of safe computer use. Network-based technologies like firewalls, intrusion detection systems and intrusion prevention systems can play a key role in securing the infrastructure.

In the past 10 years, we have witnessed the evolution of network-based security from “keeping the bad guys out” with firewalls to “seeing what’s getting through the firewall” with intrusion detection systems (IDS) to “keeping the bad stuff out” using state-of-the-art technology like intrusion prevention systems (IPS).

This evolution of network-based protection technology has been driven by the need to keep pace with the evolving threat landscape. The current state of the art, using high-performance network IPS technology to identify and block threats, can be very effective in reducing the likelihood that protected computers are compromised. However, IDS and IPS technology generally share one common characteristic that may limit their ultimate effectiveness: they are generally focused on identifying malicious and/or harmful network transactions and stopping them.

IDC Research recently issued a report that found technologies such as intrusion detection systems are only spotting 70 percent of intrusions. Even taking the logical step of using intrusion prevention systems to stop these intrusions is clearly not going to be 100 percent effective. Security experts will correctly point out that security is best implemented through education, process and a layered approach to technology.


Looking forward, organizations will be best served by expanding their viewpoint beyond threat detection towards information protection.
Implementing strict policies on encryption and where critical information resides can reduce risks associated with physical loss issues such as laptop or backup tape theft. Implementing strict authentication and access controls can reduce risks from insider threats and inappropriate access to sensitive company or customer information. Implementing organization-wide document classification processes can provide a basic infrastructure within which information protection policies can be enforced.
As organizations enhance their network security infrastructure, they should look to technologies that go beyond threat-detection-based approaches and toward true information protection. Intrusion prevention systems that not only provide access controls and threat protection, but also implement strict acceptable application usage policies and even document control policies, will lead the way towards successful information protection.
The significant rise in 2007 of sophisticated, targeted threats, the continued discovery of vulnerabilities in commercially deployed software and the high-profile losses of sensitive customer and employee information are shouting out to all security professionals to expand their viewpoint beyond threat-detection and towards information protection. Organizations should consider further education for their users, new information protection policies and additional technology solutions such as intrusion prevention systems and information leakage protection solutions.


Recent Articles by Mike Paquette
