The cybersecurity field is still relatively new and has been evolving as technology advances. Every decade or so, we have an advance or two that seems to change the game.
For example, in the 1990s we were focused primarily on “perimeter defense”. Lots of money was spent on perimeter devices like firewalls to keep the bad guys out.
Around 2000, recognizing that perimeter defense alone was insufficient, the “defense in depth” the approach became popular, and we spent another decade trying to build layers of defense and detect the bad guys who were able to get past our perimeter defenses. Again, lots of money was spent, this time on intrusion detection, intrusion prevention, and end-point solutions.
Then, around 2010, following the lead of the U.S. government, in particular, we began to focus on “continuous monitoring”, the goal was to catch the bad guys inside the network if they get past the perimeter defense and the defense in depth. Security information and event management (SIEM) technology have emerged as the best way to handle this continuous monitoring requirement.
The latest buzz phrase is “active defense”, which refers to the ability to respond in real time through a dynamic and changing defense that works to contain the attacker and allow the organization to recover quickly and get back to business. We are starting to see the re-emergence of honeypots combined with sandbox technology to bait and trap attackers for further analysis of their activity.
As the cybersecurity field continuously evolves to meet the latest emerging threats, each new strategy and tactic brings with it a new set of terminology and concepts for the security professional to master.
One thing is common throughout this brief historical survey: the bad guys keep getting in and we keep responding to try and keep up, if not prevent them in the first place. This cat-and-mouse game will continue for the foreseeable future.