Bromium is a company with a new antivirus mousetrap, so it will try to make old mousetraps look, well... old.
However, they do point out correctly that traditional antivirus is starting to get smelly. They are repositioning antivirus as "detection" tools and present themselves as "prevention", which in itself is a bit of a cheesy marketing tactic.
Their recent survey showed confidence is waning in traditional detection-based security solutions, such as antivirus and firewalls. Instead, interest is shifting toward prevention-based security solutions, such as endpoint threat isolation. However the number one worry had nothing to do with technology.
Users are the Greatest Risk To The Organization
When asked, “which do you feel are the greatest areas of risk to your organization?” the overwhelming response was the user, which makes sense considering their tendency to click on anything, open anything and circumvent security controls that they find restricting.
Less confidence in legacy detection solutions - An overwhelming majority of respondents (92 percent) said they have lost confidence in the ability of traditional endpoint protection solutions, such as antivirus and white listing, to detect unknown threats like zero-day attacks. Additionally, 78 percent believe antivirus is not effective against general cyber attacks.
Endpoint threat isolation is most effective - When asked to select from a list of security solutions, information security professionals said they consider endpoint threat isolation the most effective solution at preventing cyber threats (58 percent). Nearly one-third said network-based solutions are effective; 28 percent have faith in intrusion detection/intrusion prevention (IDS/IPS); and 27 percent think network sandboxes are effective.
Prevention is the foundation of security - A majority of respondents (58 percent) believe that prevention, such as hardening and isolating systems, is the most foundational aspect of security architecture, compared to 23 percent who cited detection, 16 percent who cited response (investigation/remediation), and 34 percent who said predictive analytics.
The IT pros surveyed correctly observed that prevention is the most important. Remember the old expression about an "ounce of prevention". It's obvious that effective security awareness training should be an important part of your security puzzle, and gives you a lot of bang for your security budget buck
Combined on-demand, web-based training and frequent simulated phishing attacks are a great way to keep your end-users on their toes with security top of mind. Find out how affordable this is for your organization and be pleasantly surprised.