There is a lot of confusion in the market today when it comes to security products, according to Cisc Sourcefire Cloud technology and strategy senior vice president, Oliver Friedrichs.
Friedrichs said businesses are increasingly looking for advice on what products to use, such as what solution to use if they get hit with a threat and uncovering how the threat got into the system in the first place.
"There are also multiple domains now, such as mobile and Cloud, adding to the confusion, not to mention multiple operating systems," he said.
"In the past, we used to have one with Windows, but now there is Android, iOS, Linux and Cloud based solutions."
By focusing on the core threat lifecycle, Friedrichs said that helps to "clear the air" and dispel some of the confusion that has formed about what solutions can be used and what they do.
He adds that businesses should focus on core threat prevention in order to solve the problem, as the threats are getting through.
"It is really the threats we should be concerned about, and not this superfluous and peripheral technology," he said.
Pitfalls of antivirus
Friedrichs said the threat lifecycle begins with doing a lot of work up-front to prevent threats from getting in the first place.
"We can deploy firewalls to reduce attacks, to limit applications or stop certain parts from getting access," he said.
Patch management can also help to reduce the attack and limit the exposure.
"There is a lot of technology and spend in the initial phase, and resellers still sell a lot of products in that area," Friedrichs said.
Technologies such as antivirus are often associated with attack prevention, but Friedrichs said that 50 per cent of the time they typically do not work.
"Talk to the average enterprise and they will tell you that antivirus is not working," he said.
Intrusion prevention systems (IPS), on the other hand, are designed to detects intrusions and stops attack them, whether they are known or unknown.
In the event a company gets breached, research and analysis needs to be carried to find out what went wrong, but Friedrichs said that this step has not really been "productised" by anyone.
"Following Sourcefire's acquisition of Immunet, this is an area we have been focusing on in the last two and a half years," he said.
Sign up for Computerworld eNewsletters.