From all of the security controls an organization could deploy, which one do you feel adds the most actual value for day-to-day information security and why?
It’s a good question, but one that ultimately becomes very difficult to answer because every organization, and indeed every department is likely to have very different requirements and threats. For example consider a static environment, such as the ATM network for a financial institution and the likely answer will be whitelisting but for your home computer? Probably not!
Considering the concept of value then the question becomes what security control can not only increase the security posture of an organization, whilst also reducing the operational cost of management? Whilst there is likely a use case for every control adding value, there is nothing more powerful than the ability for controls to work together, and present an orchestrated defence. What this means is that threat information can be shared across all controls, but then allow the organization to learn from the attack but respond in real-time.
Admittedly this may not entirely answer the question, but simply put every control will have the own merits, and indeed drawbacks. Building security is not achieved by individual products, but indeed by the development of a security solution that not only includes a defence in depth model, but also training of staff, adding monitoring systems to ensure the controls work, and adapt to an evolving threat landscape.
Raj Samani | McAfee | EMEA CTO | @Raj_Samani
To find out more about our panel members visit the biographies page.