Quick Links

< Back

Security : Data Breach :   :  

Time for Grown-Ups To Run IT Security

By Philip Lieberman
Philip Lieberman
Lieberman Software

The latest repeats of the massive data breaches seen at Target and other major retailers should be proof that existing “detect-and-respond“ perimeter security solutions are utterly ineffective. The lesson learned by these companies is that their expensive next-generation firewalls and threat analytics/SIEM systems are worthless against the current breed of attackers.

The challenge today is that politically expedient, plug-and-play perimeter protection has failed. Senior management must now do what they failed to accomplish over the last decade: take a real leadership role in IT. Often this means forcing corporate IT security to adopt technologies and processes that require a breakdown of existing political power bases within the company. In effect, it's an act of creative destruction that reorganizes the company's operations along military lines of information compartmentalization. The necessary systems are purpose-built to be resilient against attacks.

Until now IT and senior management have been able to ignore security fundamentals by buying into the inadequate detect-and-respond technologies recommended by analyst firms. In addition, they are completing make-work exercises for outside auditors to prove they are secure. The stark reality is that these prevailing best practices and recommended solutions are a modern replay of "the emperor has no clothes." The headlines are proof that neither IT nor senior management can ignore the fact that a lack of internal security makes them sitting targets for exploitation. Even the excuses that they did what the analysts recommended or as they were requested by their auditors hold no weight, nor do they provide a safe harbor for the company. Ask Target how well the solutions recommended by their analysts and auditors worked; then ask Home Depot, Goodwill and all the rest.

The Cat is Out of the Bag

Any security framework that doesn't address the internal vulnerabilities of corporate IT is a failed strategy and a gigantic waste of money. Today we see IT professionals starting to back away from legacy technologies and analyst-recommended solutions, since these are proving toxic to their companies and to their careers. But it will take strong senior leadership to fix the current debacle of weak internal security, and there are no "get out of jail free" cards from auditors or the analyst community. IT knows this as pointed out by our survey and is looking to senior management to take a leadership role in guiding their companies out of the security mess that's been allowed to build during the last couple of decades.

For additional research on this subject matter, see this report by FireEye and Mandiant: A Real-World Assessment of the Defense-in-Depth Model.


Philip Lieberman
Lieberman Software

Philip Lieberman, noted cybersecurity expert and founder/president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Lieberman developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials.   He is frequently quoted by industry news organizations as well as mainstream media and has published numerous books and articles. 

Advertise your product/service here!
About Us Editorial

© 2019 Simplex Knowledge Company. All Rights Reserved.   |   TERMS OF USE  |   PRIVACY POLICY