In this session I will discuss three cyber security myths that you hear at almost every security conference. These myths are not just misleading; they actively harm the way organizations protect their networks. For each myth I will give the background and explain how it came to be accepted as true, walk through a case study or real-world example, and finally show how SASE (Secure Access Service Edge) and ZTNA (Zero Trust Network Access) help address the underlying problem.
The first: "The attacker needs to be right only once, the defenders must be right all the time." This is the one I have heard most often. The myth reduces the attack lifecycle to a single event, and that is exactly where it goes wrong. An intrusion is a chain of steps (gaining initial access, executing code, persisting, escalating privileges, discovering the environment, moving laterally, and finally collecting and exfiltrating data), and the attacker has to complete every one of them without being noticed. I will walk through several attacks I have investigated and show the steps the threat actors actually took, using the MITRE ATT&CK framework to lay out a clear attack timeline. The conclusion is the opposite of the myth: the attacker needs to be right all the time, and defenders get a chance to detect them at every step.
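The following is an added example, not material from the talk, that puts the point above into numbers. It models an intrusion as a chain of MITRE ATT&CK tactics, each with a chance of being detected, and compares the myth's single-event view with the step-by-step view. The tactic names are real ATT&CK tactics; the per-stage detection probabilities and the chain itself are constructed, hypothetical values chosen for illustration, not measurements from any environment.

```python
"""Added example: the "attacker only needs to be right once" myth versus a
multi-stage view of an intrusion. Not part of the original talk.

Stage names are MITRE ATT&CK tactics. Detection probabilities are
hypothetical, constructed numbers for illustration only.
"""

from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    tactic: str       # ATT&CK tactic the attacker must complete
    p_detect: float   # hypothetical chance the defender notices this stage

    def __post_init__(self):
        if not 0.0 <= self.p_detect <= 1.0:
            raise ValueError(f"{self.tactic}: probability must be in [0, 1]")


# Constructed attack timeline. A modest 20% per-stage detection rate is
# deliberately pessimistic for the defender; it is an assumption, not data.
DEMO_CHAIN = [
    Stage("Initial Access", 0.20),
    Stage("Execution", 0.20),
    Stage("Persistence", 0.20),
    Stage("Privilege Escalation", 0.20),
    Stage("Credential Access", 0.20),
    Stage("Discovery", 0.20),
    Stage("Lateral Movement", 0.20),
    Stage("Exfiltration", 0.20),
]


def myth_attacker_success(chain):
    """The myth's model: the intrusion is one event, so the attacker
    'wins' as soon as the first stage goes unnoticed."""
    if not chain:
        return 0.0
    return 1.0 - chain[0].p_detect


def stage_by_stage(chain):
    """Return a list of (tactic, P(still undetected), P(detected by now)),
    one row per stage, in timeline order."""
    undetected = 1.0
    rows = []
    for stage in chain:
        # To keep going, the attacker must survive this stage unnoticed too.
        undetected *= 1.0 - stage.p_detect
        rows.append((stage.tactic, undetected, 1.0 - undetected))
    return rows


def attacker_full_success(chain):
    """Probability the attacker completes the whole chain undetected."""
    rows = stage_by_stage(chain)
    return rows[-1][1] if rows else 1.0


def defender_catch_probability(chain):
    """Probability the defender detects the intrusion at some stage."""
    return 1.0 - attacker_full_success(chain)


def main():
    print(f"{'Tactic':<22}{'P(undetected)':>15}{'P(caught by now)':>18}")
    for tactic, undetected, caught in stage_by_stage(DEMO_CHAIN):
        print(f"{tactic:<22}{undetected:>15.3f}{caught:>18.3f}")
    print()
    print(f"Myth view, attacker success:   {myth_attacker_success(DEMO_CHAIN):.3f}")
    print(f"Chain view, attacker success:  {attacker_full_success(DEMO_CHAIN):.3f}")
    print(f"Chain view, defender catches:  {defender_catch_probability(DEMO_CHAIN):.3f}")


if __name__ == "__main__":
    main()
```

With the constructed 20% per-stage rate, the myth's view gives the attacker an 80% chance of success, while the chain view gives the defender roughly an 83% chance of catching the intrusion somewhere along the eight stages. The numbers are assumptions; the shape of the result is the point: every additional stage the attacker must complete is another opportunity for detection, so improving coverage on the middle stages (discovery, lateral movement) matters even when initial access cannot be stopped.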
Second: "The more security products, the better the security." This myth grew out of the "layered security" approach. The problem is that organizations today run an average of 50-80 security products, and the overworked SOC analysts spend their time integrating products, correlating data from different systems, and learning and managing many point solutions instead of doing actual security work. Over the years, instead of adding muscle, we added fat. All these products do not help the security teams; they burden them. I will show examples of attacks that specifically targeted point solutions and went undetected. I will also show how the right architecture helps security teams, because with today's volume of alerts it is no longer a matter of finding the needle in the haystack: it is finding a needle in the needle stack.
Last but not least: "Sophisticated threat actors use sophisticated tools." Look at the major breaches (RSA, Sony, AP, DNC, Colonial and more): the attacks were initiated with relatively simple measures. Once credentials were collected, the attackers abused legitimate privileges, and whether the vector was the supply chain, direct phishing, or plain social engineering, they were able to freely discover and move across the target's network. We will see how attackers get past security controls such as 2FA, Device ID and sandboxes, and how the move to the cloud gives defenders the paradigm shift they need to change the way they do security.