Why Data Protection Programs Fail

Amit Yoran, the former head of cybersecurity for the Department of Homeland Security, says many data security programs today are failing because companies aren’t preparing for the unknown threat. What can companies do about it?

In an article on the Data Storage Connection website, Yoran, currently the CEO of Netwitness, argues that most of the recent high-profile data breaches share some attributes in common.

“Typical security investments focus on detection of a specific problem set, known issue or threat, and may not be providing your organization with a way to find the tricky unknowns like ‘designer malware,’” Yoran says. “Also, once you receive intelligence or an alert regarding an anomalous event, you must move beyond log files and statistical estimates to analyze the deep content and context contained in the specific network evidence to determine your next course of action and move quickly to investigation and remediation.”

How can you decrease the likelihood of your security program failing? Yoran says there are both technologies and frameworks out there to improve your program. He says the program should have three primary objectives, including:

1. Decrease the focus on regulatory compliance and increase the focus on improving security operations. The bottom line is the real results you can show, not in checking boxes.
2. Pay closer attention to what is happening on your internal network. Stop worrying so much about the perimeter and look inside your network for the weaknesses and for the places where you already may have problems.
3. Use an evidence-based approach to network monitoring. Augment signature and statistical approaches with techniques that examine all the network traffic.

“Security program failures can be lessened by increasing the focus on operational security, particular with respect to internal security issues and deeper visibility into the behavior of users, systems and processes,” he adds.