How Foundational Prevention Fills in the Gaps of Threat Detection

Digital threat detection isn’t as easy as it was more than a decade ago. The threat landscape no longer evolves slowly, at the pace of signature-based malware. It now moves quickly, keeping up with the rate at which new software flaws are discovered and at which computer criminals exploit those weaknesses to compromise vulnerable systems.

At the same time, advanced persistent threats (APTs) render pattern-based approaches and blacklisting less effective at developing protections for a wide pool of users. That’s because APTs customize their malware to home in on a single target. In response to a one-target campaign, more traditional detection methods can’t use a “patient zero” to help secure others.

Attackers also have access to an increasingly diverse arsenal of sophisticated tools that they can use to remotely control systems, steal corporate data, and evade detection. For instance, bad actors can make use of zero-day threats and social engineering to bypass organizations’ layers of security. They can then hide within plain sight amidst the noise of innumerable security events and carry out their malicious activity.

The speed, sophistication, and stealth of digital threats today reframe detection as a “downstream” or reactive approach to security. Organizations can no longer rely on detection alone to fully protect themselves. They need something more.

That’s where foundational prevention comes in.

Foundational prevention is a proactive approach that enterprises can use to block computer criminals and limit their nefarious activity. It helps organizations identify the systems on their networks, determine whether they can harden them, and detect when changes have occurred. Foundational prevention supports these three objectives through its focus on foundational security controls such as asset discovery, security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM), and log management.
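The third objective, detecting when changes have occurred, is what file integrity monitoring does in practice: record a hash of every file under a monitored path, rescan later, and report what was added, removed or modified. The following is an added example written for this post, not Tripwire’s code or any product’s; it builds its baseline over a constructed temporary directory with made-up file contents, and the function names (`build_baseline`, `compare`, `demo`) are this example’s own.

```python
"""File integrity monitoring in miniature: baseline hashes, rescan, diff (added example)."""
import hashlib
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its hash."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Baseline a constructed directory tree, apply three changes, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        etc = root / "etc"
        etc.mkdir()
        # Constructed sample files standing in for real configuration.
        (etc / "sshd_config").write_text("PermitRootLogin no\n")
        (etc / "hosts").write_text("127.0.0.1 localhost\n")
        baseline = build_baseline(root)

        # Simulated drift that a FIM control should surface for review:
        (etc / "sshd_config").write_text("PermitRootLogin yes\n")  # hardened setting weakened
        (etc / "hosts").unlink()                                   # expected file removed
        (etc / "crontab").write_text("# new scheduled job\n")      # file appeared without a change record

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A production FIM tool also records ownership, permissions and timestamps, stores the baseline somewhere the monitored host cannot silently rewrite it, and sends each diff to the log management or SIEM pipeline so that a change can be matched against an approved change ticket rather than reviewed in isolation.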

Here’s how foundational prevention picks up where traditional detection leaves off:


An attack surface constitutes all the ways an attacker can get into an organization’s systems. Detection doesn’t work to block an attacker’s entry into a corporate network. But foundational prevention does just that via two security controls. First, it leverages asset discovery to help companies build and monitor inventories of authorized and unauthorized devices and software. Second, through security configuration management, security teams can designate secure configurations for, and manage the states of, all authorized hardware and software.
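Putting those two controls together means comparing what discovery actually finds on the network against what the organization has authorized: devices not in the inventory, software not on the approved list, authorized devices that have gone missing, and settings that have drifted from the secure configuration. The code below is an added illustration, not Tripwire’s or any vendor’s implementation; the inventory, approved-software list, secure-configuration keys and the discovered assets are all constructed sample data, and `assess` is a hypothetical function name.

```python
"""Reconcile discovered assets against an authorized inventory and a secure-config baseline (added example)."""

# Constructed authorized inventory: MAC address -> expected hostname.
AUTHORIZED_DEVICES = {
    "00:11:22:33:44:01": "web-01",
    "00:11:22:33:44:02": "db-01",
    "00:11:22:33:44:03": "app-01",
}

# Constructed approved-software list for these servers.
APPROVED_SOFTWARE = {"nginx", "openssh-server", "postgresql"}

# Constructed secure-configuration baseline; keys are this example's own naming.
SECURE_CONFIG = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.default_policy": "deny",
}

# Constructed output of an asset-discovery scan.
DISCOVERED = [
    {
        "mac": "00:11:22:33:44:01",
        "host": "web-01",
        "software": ["nginx", "openssh-server"],
        "config": {
            "ssh.PermitRootLogin": "no",
            "ssh.PasswordAuthentication": "no",
            "firewall.default_policy": "deny",
        },
    },
    {
        "mac": "00:11:22:33:44:02",
        "host": "db-01",
        "software": ["postgresql", "openssh-server", "telnetd"],
        "config": {
            "ssh.PermitRootLogin": "no",
            "ssh.PasswordAuthentication": "yes",
            "firewall.default_policy": "deny",
        },
    },
    {
        "mac": "00:11:22:33:44:99",
        "host": "unknown-laptop",
        "software": ["chrome"],
        "config": {},
    },
]


def assess(discovered, authorized_devices, approved_software, secure_config):
    """Return (finding_type, host, detail) tuples for everything that deviates from policy."""
    findings = []
    seen = set()
    for asset in discovered:
        mac, host = asset["mac"], asset["host"]
        if mac not in authorized_devices:
            # Not in the inventory at all: flag it and skip the remaining checks,
            # since there is no approved role to judge its software or config against.
            findings.append(("unauthorized_device", host, mac))
            continue
        seen.add(mac)
        for pkg in asset["software"]:
            if pkg not in approved_software:
                findings.append(("unauthorized_software", host, pkg))
        for key, expected in secure_config.items():
            actual = asset["config"].get(key)
            if actual != expected:
                findings.append(("config_drift", host, f"{key}={actual!r}, expected {expected!r}"))
    # Authorized devices that discovery did not see deserve a look too:
    # the inventory may be stale, or the host may be offline or relocated.
    for mac, host in authorized_devices.items():
        if mac not in seen:
            findings.append(("missing_device", host, mac))
    return findings


if __name__ == "__main__":
    for kind, host, detail in assess(DISCOVERED, AUTHORIZED_DEVICES, APPROVED_SOFTWARE, SECURE_CONFIG):
        print(f"{kind:22} {host:16} {detail}")
```

Keying the inventory on a hardware identifier rather than a hostname is a deliberate choice: a hostname can be set by whoever controls the machine, while an inventory entry is set by the organization. In a real deployment the discovered list comes from the discovery tool’s export and the baseline from the SCM policy, and the findings feed a ticket queue or SIEM rather than standard output.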


In some important areas, foundational prevention helps improve the effectiveness of detection methods. Such a strategy can share endpoint telemetry and attack forensic data with security information and event management (SIEM) solutions, for instance, to help reveal risks associated with known vulnerabilities and breaches. Security teams can also use the controls of continuous vulnerability assessment and log management to respond faster to potential digital security threats.


Foundational security controls together make up a multi-layered approach that organizations can use to identify malicious activity wherever it is. As such, they can leverage foundational prevention to protect email and web browsers, implement malware defenses, and oversee the use of network ports, protocols, and services.


Organizations shouldn’t focus only on traditional methods of detection such as signature analysis as a means of protecting themselves against computer criminals. They should also invest in foundational prevention to deny computer criminals entry and to block any nefarious activity should those bad actors happen to get in.

This back-to-basics approach usually proves less expensive than the costs associated with recovering from a security event. At the same time, foundational security controls can help contribute to organizations’ holistic threat stance and deliver the flexibility to adapt and change.



via: tripwire
