As security practitioners, we’re always trying to find ways to get ahead of attackers and mitigate threats before they wreak havoc in our environments. But, traditional defense-in-depth strategies rely more on reactive controls to build walls that we hope will stop attacks from being successful. However, time and again, we see news headlines proving how often and how easily these reactive approaches are defeated.
Today’s attack surface requires a different approach, focusing on preventative risk mitigation strategies that give more visibility, more context and a better mechanism to tie technical risk to business context. While reactive controls are still necessary, the more we can identify areas of risk before the attackers do and close the gaps in our defenses, the fewer attacks will take place and the more effective those reactive controls will be.
Preventative security strategies are driven by making better decisions about how, when and where to mitigate risks. In this talk, we’ll review techniques to implement within your security program that will give a better understanding of the technical and business risk across your attack surface, how to identify the areas to focus on first and ways to drive a more meaningful approach to communicating about and mitigating risks before cyberattacks exploit your weaknesses. how to identify the areas to focus on first and ways to drive a more meaningful approach to communicating about and mitigating risks before cyberattacks exploit your weaknesses.