3 min read

The Right Balance of Proactive and Reactive Security

March 03, 2016

The security of your network and the data it contains is critical to your business.

But what is the best way to protect these threats that can damage your reputation, lose your intellectual property, compromise your competitive advantage and leave holes in that hard-won trust that your business needs to succeed?

Proactive Vs Reactive Security

Visibility and control

Visibility and control of the network are the cornerstones of effective monitoring and management.

A reactive approach to security ensures that by monitoring events you can detect and deal with threats effectively as they arise with the necessary speed to reduce impact.

Policies and procedures

The proliferation of devices that connect to your network, however, has exaggerated further its potential vulnerability to malicious attack.

To counter this it is vital that there are policies in place and strictly enforced procedures to minimise this heightened risk. By being proactive you are able to assess potential risks and work to minimise them or eliminate the risk before an incident.

The only constant is change

Where cyber threats are concerned the only constant is change, something which is all the more important with the heightening of potential risks in the past few years, something which is only set to continue.

To deal with this you need a cybersecurity solution that can dynamically adapt to the changing threats but also works iteratively to increase your protection and decrease your risk of exposure.

In the real world

In the real world distinctions between proactive and reactive begin to intersect and overlap – so much so that it can become no longer clear which is which.

What is important, though, is that your security is operating effectively in both reactive and proactive ways. It is no longer enough to quickly apply the patches that are released in response to detected vulnerabilities in software on your network. Whilst you need to be ready to respond to a breach when it occurs (and with 9 out of 10 large organisations suffering some form of attack, it will), steps also need to be in place to minimise the scale of these breaches in the first place.

Ultimately, the reactive approach leaves too many risks open to be a viable solution by itself. You need procedures in place that can constantly monitor and respond to successful attacks against any systems that have not yet been patched.

Here the distinction between a proactive and reactive security policy breaks down: you proactively create a procedure for reacting to unknown vulnerabilities.

Increased risk

In an environment characterised by complexity and number of applications and devices using your network it has never been more important to base your security on the bedrock of best practice. It has also never been more crucial to apply this best practice to absolutely everything on your network.

This, inevitably, calls for automation. Vulnerability assessments can systematically and automatically scan remote systems and networks to identify security risks.

Reactive security is not enough

It is no longer enough to simply react to threats – no matter how well you do it. As a result the question is not proactive vs reactive security, but how the two can be implemented alongside one another effectively.

Your security policy, network monitoring and procedures should all proactively reduce the risks your network is prey to, as well as preparing for a dynamic, fast reaction in the case of a breach.

The costs of not doing so are simply too high to ignore.

Subscribe to the LAN3 Blog

Topics: Security

Written by Paul Sweeney