Even though enterprises spend millions every year on information security, they still remain vulnerable to persistent cybercriminals in a world where cybercrime like ransomware is pervasive. Organizations cannot afford to do the “bare minimum” when it comes to threat analysis. As the saying goes, “‘close’ only counts in horseshoes and hand grenades” and not in cyber security. One breach can end up costing millions of dollars in lost business and remediation.
In many industries, information security is driven by compliance regulations and the inevitable security checklists. Checklists are without a doubt a good thing, as evidenced by the Checklist Manifesto. However, the dark side of checklists is the false sense of security they can provide when they are viewed as all that is needed, rather than as a bare minimum requirement.
Too often customers can be driven by checklists and view compliance as a goal in and of itself, rather than as a starting point towards security maturity. Relying on security solutions that simply check the boxes could result in companies having to put out fires more often than preventing them. As an example, every organization that has been in the news for the last several years for major credit card breaches was PCI-compliant.
Threat analysis is too often seen as one of those checklist items. A vendor will include a sandbox solution for threat analysis as part of their security suite and many times this will meet the minimum requirements as specified by the customer.
What could go wrong? Let’s count the ways:
At VMRay, we do one thing and one thing only. Our mission is to provide the fastest, most accurate threat analysis and detection on the market.