"Don’t buy technology to detect" Come again?
A SecTor keynote presenter put forward something close to that line in a PowerPoint slide.
Don't buy technology to detect
I didn’t get all the details down given I was trying to zero in on his line of thinking once I read such a startling suggestion.
He did provide his reasoning (which was derived from surveying business consumers of security solutions). The gist of it was that companies were deploying detection technologies (aka SIEM/log management products) and were unable, technically or resource-wise, to handle the added compulsory workload driven by the enhanced visibility.
Paraphrasing, he further suggested that companies should purchase products that do something, not ones that only do detection. He cited examples of business consumers who lack knowledgeable staff to understand the alerts detection systems produce and ones unable to tackle the volume of alerts. I think we all can get that.
But is this really a practical suggestion? Prevention (i.e. tools that do something) is great, but detection is King! The conjecture to skip detection tools in favor of tools that do something is weak, especially if the data you are protecting has value.
How about the World Bank as a good example? It reads like they made prevention King and detection something much less.

“He cited examples of business consumers who lack knowledgeable staff to understand the alerts detection systems produce”
That’s actually kind of scary. Either send current staff to training so that they understand the alerts, or hire someone that’s already competent. Incompetent staff shouldn’t be a reason to not use a useful technology.