Cat and mouse: Understanding the security industry’s failure to stop cyberattackers

Have you ever watched a cat stalk its prey? First, it identifies a target and lies in wait, quietly, hidden from view, observing the behavior of its victim. Minutes can go by as it bides its time, just watching. The mouse or squirrel or bird continues to do its thing, seemingly oblivious to the fact that it’s being tracked.

Suddenly, the cat pounces, certain to claim its victim. However, more times than not, the prey scurries away just in time as if it knew the cat was lurking in the bushes the whole time. In an instant, a sure kill is averted as if the prey planned it that way all along.

This game of cat and mouse is a back-and-forth battle that can change course at any time. You think the cat has the upper hand and, bang, the mouse escapes certain capture to live another day. Unless it doesn’t. Whoever stays one step ahead usually wins.

Cybersecurity today feels too much like a game of cat and mouse. Vendors create a signature of a known threat, identify it, and block it. But once exposed, attackers simply tweak some code and relaunch the attack. Security teams then need to react again, starting the process all over again. Wash, rinse, repeat.

Who is the cat and who is the mouse is a discussion for another day. But either way, it’s clear that the game is rigged against enterprise security professionals. Even if threat detectors catch an attack relatively early in the process, casualties are a given. There has to be a patient zero in order to stop future attacks. This puts security professionals on the defensive, reacting to emerging threats in order to mitigate the damage resulting from the inevitable successful attack.

This approach is expensive and ineffective. Security teams implement and manage myriad point solutions, each intended to address a specific security threat. Yet, success is defined not by attacks that are averted, but by how quickly and effectively successful attacks are contained.

Here are some challenges that cybersecurity professionals face every day as a result of this never-ending game of cat and mouse.

Challenges of Existing Email and Web Security Technology

Detection-Based Security:

• Administrators must know which websites to block and which to allow.
• Websites often become malicious overnight.
• Only known threats are identified, while unknown threats skate through.
• A fair number of false positives and false negatives are generated, putting strain on the help desk.

Detect and Respond:

• The sheer volume of event data makes it difficult to find, analyze, validate, and correlate true positives.
• Most breaches take more than a month to discover.
• Strapped resources mean that cybersecurity teams cannot evolve as fast as attackers.
• Visibility into user web browsing and email behavior is required.

Additional Challenges

• Security staffing shortages: According to ISACA, 59 percent of organizations have unfilled cybersecurity positions because of the simple fact that there aren’t enough people learning how to plan, manage, integrate, and optimize security devices and strategies.
• Unpredictable end users: End users remain the weakest point in the environment, and they are easily manipulated and distracted. Security awareness training is an important piece of any security program, but it goes only so far.
• The same ol’ paradigm: The cloud offers IT organizations an opportunity to transform how they deliver services to the business. Unfortunately, when it comes to security, IT organizations aren’t taking advantage of the cloud’s benefits. Most are simply moving their on-premises security solutions to the cloud—essentially moving the problem from one data center to another.

The only way these challenges can be effectively addressed is by completely reimagining how enterprises approach web and email security. But what will that approach look like?

Read more in our Definitive Guide to Internet Isolation .