Solve Old Security Problems First

Addressing the challenges of how to better defend against and more rapidly detect data breaches involves much more than buying the latest technology, says security expert Haroon Meer.

"We are hyper-obsessed with the latest [technology], and so, as an industry, we get pretty caught up in just about whatever the industry is selling," says Meer, who heads Johannesburg-based security firm Thinkst Applied Research.

Meer delivered the opening keynote speech at the recent Black Hat Europe 2015 briefings, focusing on how self-defeating behaviors can sabotage information security professionals' ability to do the right thing (see 5 Secrets to Security Success).

"We keep moving on as we try to solve new, shiny problems, which we then half solve, but we still haven't completely solved problems that we knew about 20 years ago. And we are still getting actively taken out by those old problems," Meer says in an interview with Information Security Media Group. "So in the end you end up with an enterprise full of half-implemented solutions, which half-protect you from something, and that sort of half-protection doesn't hold up against determined attackers."

In this interview, Meer also discusses:

Basic security defenses, such as segmenting networks and restricting admin-level rights, that too many organizations still lack;
The importance of focusing on breach-detection speed;
Customizing security to fit each organization's requirements.

Meer is the founder of Thinkst Applied Research. He previously served as the technical director and CTO for information security consultancy SensePost. Meer has contributed to books on information security, published papers on various information security topics and regularly makes presentations at conferences around the world.