In a series of recent articles, I’ve compared a company’s need for a cybersecurity portfolio to an individual’s investment portfolio. The same rules apply to both, with the wisest strategy being a spread of investments, diversified across asset classes, that are aligned with your present needs but adaptable to change as your needs change.
As part of that series, I’ve also been profiling individual cybersecurity solutions that can fit into a larger corporate portfolio. I’ve framed these products in terms of how they fit into the National Institute for Standards and Technology’s cybersecurity framework, which has five categories for dealing with threats: identification, prevention, detection, response, and recovery. To figure out how much your business needs to invest in each of these categories, I proposed a five-step strategic planning process for creating a balanced cybersecurity portfolio.
For this piece, I spoke with Ashley Stephenson, the CEO of Corero, to get a sense of where his company’s products fall into the larger security portfolio offerings currently on the market.
What Corero brings to the table
Corero’s offering falls in the detection and prevention categories of the NIST framework. Corero’s SmartWall® Threat Defense System is designed to prevent and eliminate the effects of distributed denial of service (DDoS) attacks on companies that require Internet service availability to conduct business, automatically, and in real-time.
Stephenson told me that Corero’s product line has evolved over the years, but the company’s current focus on DDoS began three years ago. Prior to that, Corero also offered Intrusion Prevention Systems products. “Corero has been around for over a decade, but it’s only recently that our DDoS solutions have become the exclusive product line of the company,” he said.
He told me that the reason DDoS attacks became the company’s sole focus was based on the fact that so many companies are now demanding such prevention from their service providers.
“Enterprises increasingly are interested in buying protected Internet service as opposed to raw Internet service, so they want to pay for connectivity that’s already had the DDoS removed,” he said. And they’re prepared to pay a premium. They openly will declare, yes, I will pay more for the higher quality Internet connectivity.” Corero recently validated this requirement by conducting a survey at the RSA conference.
Removal of DDoS traffic makes sense. DDoS attacks can debilitate a company, holding them hostage. Layering protection into the service provider itself, rather than leaving it on the shoulders of enterprises alone, is a way to foster greater security.
“We recognized that increasingly DDoS would be detected and mitigated by service providers, whether they be communication service providers, multi-service operators, hosting providers, cloud providers,” Stephenson said. “So our customers are in that community. They take our products and build services that they sell to enterprises. We provide the tools by which service providers can deliver DDoS protection services.”
What makes DDoS so challenging for companies is that while the attacks are commonplace, their speed, size and sophistication are always evolving.
“Customers need real-time protection against DDoS threats because DDoS threats are going to be a bit like a virus, always mutating and changing. There was no way anyone could create a one-shot solution within an enterprise,” Stephenson said. “We built a platform to keep up with these changes both in terms of the sophistication of the threat and also the speed of the threat.”
Why analytics matters
Stephenson’s approach to security is echoed in Corero’s SmartWall technology. He believes that threats are not static, so a company’s security spend shouldn’t be either. He emphasized that any product a company uses should include self-reporting and analytics so that you know how well it is performing, and can prove value and ROI against the investment – a feature included in Corero’s products. I’ve argued this type of transparency and visibility into the performance of your security products is essential for success. Analytics are crucial to our current technological moment, whether we’re talking big data or security. You need as much insight into your security products as possible.
“Just as with your financial investments, you have to regularly track your security investments and see which ones are delivering. You should constantly measure the performance of your portfolio,” Stephenson said. “The analytics that Corero products provide show you that our product is actually working in blocking the attacks. You need that feedback loop. It’s not enough to say ‘I have a breach protection product.’ Well, has it recorded any breaches? Has it stopped anything? If you can’t answer that, you have no idea whether it’s working.”
Too many companies install a product and then just assume that they’re safe. This is the wrong way to go about cybersecurity. You need to do more than just check the box. Constant monitoring and vigilance are key.
But Stephenson also echoed an idea I’ve reiterated across this security portfolio series: security is an ongoing process – you’re never done with it and there’s no way to create an impenetrable system. “The idea that your defenses are perfect is foolish,” he said.
He’s right. You’re going to face threats, but you should do your best to prevent those attacks on a scale that makes sense for your particular business and its assets. Security is like an infrastructure investment – if you build a bridge but then never invest any money in maintaining it, it will break and cause damage. You must constantly renew and ensure your investment strategy is wise and adjust it whenever necessary.
Where does a product like Corero fit into your larger cybersecurity spend?
As I’ve reiterated throughout this series, there’s no one-size-fits-all solution for cybersecurity. Each business has its own assets and needs, and should therefore create a portfolio for security that is just as unique. Obviously, a business that is highly susceptible to DDoS attacks would want to invest more in products that proactively protect it against them, than one without such high risks – like a business with few crown jewels, or a need for continuous service availability. But DDoS is an evolving threat, with varied motivations, and a threat to every company. Therefore, evaluate your strategy to avoid DDoS attacks, whether choosing a service provider who removes DDoS traffic before it gets to you (which is the approach taken by Corero) or looking at other DDoS protection techniques. Addressing growing and morphing DDoS is a vital consideration when creating your cybersecurity strategy.
