When Good Enough Is Not Good Enough: Security vs. Compliance

The “Good Enough” Approach to Cyber Security

More often than not, organizations leverage regulatory compliance frameworks and guidelines as a way to go about driving initiatives to mitigate cyber security risks. On top of the provided set of criteria around required controls, frameworks and guidelines provide direction and a baseline that can be unequivocally verified. This makes them very straightforward to implement.

These regulations are designed to ensure a high adoption rate by organizations of all sizes. Regulations, however, are broad and subjective. The hard truth is that meeting compliance with regulations is the bare minimum required for a company to continue to do business within an industry. While some companies don’t see cyber security as a strategic, competitive advantage to be more effective from a business standpoint, the companies that do end up seeing savings from operational efficiency – all while reducing the potential for negative impacts to the business. It should be noted that in practically every major breach reported by the media, “good enough” security controls were in place and, where applicable, regulatory compliance requirements were met.

Companies that take a proactive stance towards cyber security often see some big benefits when responding to an incident. When a company learns it has been breached – and sooner or later every company will – they have to spend time and money to respond to and contain the incident. The more limited the company’s incident response capabilities, the longer it takes to respond and contain, and the costlier the breach becomes. To make matters worse, cyber security insurance plans don’t always cover all of the costs associated with a breach. Ask this question: What is the cost if an attacker compromised the most valuable assets to the company (intellectual property, trade secrets, personal data, etc.)? That is ultimately what organizations stand to lose with just “good enough” cyber security.

Rising Above “Good Enough” with FireEye

FireEye solutions are embedded with insights gained from Mandiant incident response investigations and iSIGHT Threat Intelligence, and is augmented through the use of applied analytics and machine learning – a potent combination that enables us to provide increased detection and protection capabilities for our customers, which they can use to enhance their security operation’s ability to respond to and prioritize incidents. Perhaps most importantly, FireEye helps mitigate the risks that are most likely to hinder business operations and hurt a company’s reputation.

Specifically, FireEye Endpoint Security has a variety of customization options that enable security teams to collect forensic artifacts, thus reducing incident response time and providing more time for team members to focus on other tasks such as proactive hunting and scanning for anomalies across the enterprise infrastructure. Even better, Endpoint Security has the ability to perform this task automatically and on-demand.

One way that security team members can use FireEye Endpoint Security to carry out proactive hunting is by leveraging the Enterprise Search feature, which provides increased visibility of endpoints deployed across the entire enterprise both inside the network and outside the network. Not only does this feature allow for security teams to perform proactive hunting, but it also enables fast incident response at scale without impacting end users.

FireEye Endpoint Security also provides security teams with the ability to effectively contain hosts inside or outside the network, allowing for controlled communication and interaction with the remote host, all the while ending any command and control activity and data exfiltration. The containment can be tied to custom workflow and triggered via API integrations.

All FireEye solutions provide native integration with other FireEye platforms leveraging APIs, and they also allow for flexibility with third party integrations. FireEye solutions are enterprise grade and provide accelerated time to value by offering flexible deployment options (Hardware appliance, Virtual appliances and Cloud) that are quick to implement. To make operations even more efficient, FireEye Jumpstart services can help security teams more quickly hit the ground running, and our FireEye Managed Defense team can assist and augment response to major threats and incidents.  

Every day at FireEye, we see firsthand the impact of cyber attacks on real people. Our mission is to relentlessly protect our customers from the impact and consequences of cyber attacks. And our fundamental belief is that hands-on frontline expertise and intelligence, combined with innovative technology, provides the best means to protect our customers from these threats.