‘Set and Forget’ Is Lazy Security
- “Set and forget” is a lazy approach to endpoint security that provides an opening for attacks traditional defenses won’t detect.
- Active endpoint security requires investing in tools, learning how to use them effectively, and retraining security teams to change their old “set and forget” habits.
“People shouldn’t fool themselves that something hasn’t happened on their network. It’s happening, but being blind to it is what gets you in the news.”
As head of information security & data protection officer for Matrix Medical Network, Dr. Rebecca Wynn is responsible for assuring compliance with regulations related to personal identity and health information. Just as importantly, she must protect data and systems against any kind of breach that could seriously hurt the business. To accomplish that, she oversees a defense-in-depth strategy that includes endpoints and continuous monitoring. She is also a strong believer in active threat management. “I hate ‘set and forget,’ or checkbox risk management. All that does is let the security team sit back and say, ‘Hey, the bells and whistles didn’t go off, so I don’t have a problem,’” she says. Wynn believes this lazy approach to security provides an opening for attacks that traditional defenses won’t detect.