Session: The Desensitized Cyber Market in today’s Overheated Breach Reality
If you didn’t have to play by the rules, and you only had to be right once to succeed, wouldn’t life be so much easier? That’s the advantage that modern hackers have over security practitioners, so it shouldn’t be surprising that they’ve been successful in what have been some of the largest cyber attacks in history. The recent SolarWinds breach is hardly the only example of successful attacks wreaking industry-wide havoc [https://email@example.com/dependency-confusion-4a5d60fec610].
The truth is: the security community is often not surprised by these attacks, for that exact reason above. So why hasn’t the community rejected the status quo and moved to a new approach to tip the scales back in favor of the good guys? When attackers only need to be right once, we have to begin assuming that they will be right – and start stacking the odds against them.
By presuming that hacker is already inside, it simplifies the challenge of trying to keep predators out, and changes the defensive mindset to focus redirecting threats from critical assets and detecting their movement. When organizations start from the presumption that they have already been compromised, they can instead focus on actively seeking out threats that are already on the inside and make security decisions deterministically.
When presuming that an organization has been breached but not yet suffered a loss of data, or intellectual property, security professionals can take steps to create an environment that is hostile to the attacker. The longer it takes for the attacker to reach their goal – whether that’s harvesting credentials, moving laterally to further map the network and find desirable assets, or bypassing security controls – the better the defender’s chances of detecting them.
In this session, we’ll explore the challenges of marketing a new approach to security – A diversified threat detection strategy based on Active Defense. Attendees will be privy to marketing an innovative security solution to a crowded and noisy market and selling to a skeptical security professional.
- Security needs to change.
- We have to shift to an offensive position and put the attacker on defense.
- We have to assume compromise, because attackers will get in.
- Having a diversified threat detection strategy has never been more critical.
Claire is a Silicon Valley native with over 25 years of sales, marketing, and business development experience across Fortune 500, mid-sized growth, and early stage start-ups. Claire began her career at Oracle, where she led an Enterprise sales team and then spent over 17 years at Cisco leading various marketing teams in the field, channel, and demand generation functions. Claire has led marketing for cybersecurity companies like Fortinet, InfoSec Global and Lastline. At Lastline, Claire was tasked with positioning the company from an OEM sales model to selling network detection and response into the Enterprise, which ultimately led to Lastline’s acquisition by VMWare. Claire has been the recipient of CRN’s Channel Chief, Women of the Channel, and Power 100 awards.