Cybersecurity and why it’s challenging: the limitations of detect-and-respond

Many of us welcome Labor Day for the extra time off from work, but for cybercriminals, it’s an opportunity. As we’ve seen with the recent surge in high-profile, high-impact attacks, malicious actors are increasingly taking advantage of holiday and weekend quiet time to get a head start, exploiting networks while defenses are down or at limited capacity, as the FBI notes in a recent threat overview.

The FBI’s alert about recent holiday targeting and ransomware trends is a useful reminder for businesses large and small: it is time to reevaluate your cybersecurity strategy and step up your game. In seeking stronger protection for their networks and data, however, companies may be tempted to go along with a conventional approach. This means choosing a solution that focuses on remediation: a product that promises to detect any and all breaches as they occur and then respond, swiftly, to minimize the damage. There are issues with this approach.

Detect-and-respond essentially focuses energy and attention on catching any and every conceivable bit of malware that criminals can dream up, to make sure nothing gets through. We call this eliminating the false negatives. Unfortunately, the flip side is a lot of false positives, where the system thinks it’s being attacked when in fact something else is happening (an innocuous software malfunction, say), triggering a chain of events that is disruptive and costly. Shutting things down and investigating a possible breach affects productivity and eats into your bottom line, every time. The more sensitive a detect-and-respond system is in an effort to zero out the false negatives, the more false positives you’re likely to experience.

For over 20 years, Blue Ridge Networks has been going against the grain by focusing on prevention. Our products essentially lock down specific network and system features and capabilities that are known to be vulnerable to exploitation. They isolate critical equipment and assets and keep them tucked away in their own safe spaces, which we call “cloaked enclaves,” rendering them undiscoverable. Hackers don’t attack what they can’t see.

More and more of our competitors are warming to this approach, and it’s no wonder; while the bulk of the cybersecurity industry remains firmly in the detect-and-respond camp, the bad guys are winning. At Blue Ridge Networks, we shut them down before they have the chance.

Learn more about our cybersecurity solutions at blueridgenetworks.com.