Gartner: Firewalls and AV no longer enough
Time for end users to switch focus from blocking attacks to accepting they will be compromised and planning a response, market watcher argues
Gartner has questioned the effectiveness of firewalls, anti-virus and other traditional preventive controls, as it called for end users to shift their emphasis from blocking to responding to attacks.
Such a change in mindset will be necessary if large organisations are to fend off the new breed of "aggressive cyber-security business disruption attacks" that are becoming more prevalent, Gartner said.
The analyst defines these as targeted attacks designed to cause widespread business damage. Such attacks may see servers taken down completely or digital intellectual property released on the web by attackers, for instance, and may leave staff unable to function normally for months.
Rather than focusing on blocking and detecting attacks, end users should accept the inevitability of a breach and plan how to respond, Gartner distinguished analyst Paul Proctor said.
"Entirely avoiding a compromise in a large complex organisation is just not possible, so a new emphasis towards detect-and-respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur," said Proctor.
"Preventive controls, such as firewalls, anti-virus and vulnerability management, should not be the only focus of a mature security programme. Balancing investment in detection and response capabilities acknowledges this new reality."
As a consequence, by 2018, 40 per cent of large organisations will have formal plans to address aggressive cyber-security business disruption attacks, up from zero per cent today, Gartner said.
Gartner's views echo statements made last year by a prominent executive at Symantec, who admitted the anti-virus technology Symantec built its fortunes on was "dead" and that the vendor needed to focus less on protection and more on defending and responding. This shift in emphasis also emerged as a key theme of last year's Infosecurity Europe show.