{"id":325,"date":"2017-07-24T13:33:49","date_gmt":"2017-07-24T13:33:49","guid":{"rendered":"http:\/\/securitycurve.com\/?p=325"},"modified":"2017-07-24T13:33:49","modified_gmt":"2017-07-24T13:33:49","slug":"new-methods-are-great-not-an-excuse-though","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=325","title":{"rendered":"&#8220;New Methods&#8221; Are Great.  Not an Excuse Though."},"content":{"rendered":"<p><a href=\"https:\/\/securitycurve.com\/wp-content\/uploads\/2017\/07\/65527103.jpg\"><img decoding=\"async\" class=\"alignright size-medium wp-image-326 lazyload\" data-src=\"https:\/\/securitycurve.com\/wp-content\/uploads\/2017\/07\/65527103-300x300.jpg\" alt=\"\" width=\"300\" height=\"300\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 300px; --smush-placeholder-aspect-ratio: 300\/300;\" \/><\/a>This morning I came across <a href=\"http:\/\/searchhealthit.techtarget.com\/video\/Anything-but-healthcare-next-generation-cybersecurity-tools-will-not-do\">this article<\/a> over at TechTarget (SearchHealthIT). \u00a0It&#8217;s about a healthcare shop in California and their approach to security. \u00a0It&#8217;s an interesting read and the gist is that this particular shop, by virtue of their conclusion that &#8220;traditional cybersecurity technologies aren&#8217;t effective&#8221;, is embracing &#8220;next gen&#8221; tools instead. What are these next gen tools? \u00a0 They say they include microsegmentation and endpoint protection (via Cylance).<\/p>\n<p>So, the thing I want to point out about this is something that I think is probably obvious to most folks that have been in the field for a while, but that might be a trap for those that haven&#8217;t. \u00a0Specifically, that &#8220;new methods&#8221; is great &#8211; and absolutely, I agree with the conclusion that some legacy methods (e.g. 
perimeter defense, network monitoring, etc.) are less effective nowadays than they used to be. \u00a0That said, getting on the bandwagon of the &#8220;<a href=\"https:\/\/www.youtube.com\/watch?v=ha-uagjJQ9k\">new hotness<\/a>&#8221; isn&#8217;t an excuse to not do the fundamentals.<\/p>\n<p>The reason I&#8217;m calling this out specifically is that, as anybody who has had anything to do with security at an institutional healthcare provider knows, the track record for security in healthcare is&#8230; well, let&#8217;s call it &#8220;suboptimal.&#8221; \u00a0So here&#8217;s the thing: it&#8217;s all good to get on board with new methods. \u00a0I totally support that. \u00a0But not if it&#8217;s coming as an excuse to not do the bare minimum blocking and tackling required to keep the shop humming. \u00a0In other words, the position to eschew the past and go full bore on new models is one that I respect, and I think is awesome. \u00a0However, it&#8217;s not an excuse to underinvest in controls that you might have failed to implement in years past&#8230; \u00a0Note that I&#8217;m not implying that&#8217;s what this shop is doing. \u00a0Just pointing out that there&#8217;s a danger. \u00a0And it&#8217;s tempting to cover up sins of the past with a story of &#8220;we&#8217;re not doing that anyway.&#8221;<\/p>\n<p>The trap is that if you&#8217;re not keeping to a reasonable bar, there&#8217;s plenty of opportunity for armchair quarterbacking down the road. \u00a0So don&#8217;t do that, k?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This morning I came across this article over at TechTarget (SearchHealthIT). \u00a0It&#8217;s about a healthcare shop in California and their approach to security. \u00a0It&#8217;s an interesting read and the gist is that this particular shop, by virtue of their conclusion that &#8220;traditional cybersecurity technologies aren&#8217;t effective&#8221;, is embracing &#8220;next gen&#8221; tools instead. 
What are these [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[62,63,65],"class_list":["post-325","post","type-post","status-publish","format-standard","hentry","category-security","tag-healthcare","tag-heathit","tag-hit"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/325","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=325"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/325\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=325"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=325"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=325"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}