Organisations should ensure that in layering various security controls, the degree of alignment is not too great, warns McAfee CTO
A lower degree of alignment between the various threat defences deployed by organisations can deliver better defence, according to Steve Grobman, senior vice-president and CTO at McAfee.
“This is what I call the threat defence correlation paradox,” he told Computer Weekly, saying that if an organisation is using perfectly aligned technologies, there will be no overall gain in efficacy.
This means that if an organisation is using three perfectly aligned technologies that each have an efficacy of 70%, the combined effect will still be only 70%, said Grobman.
“If they are perfectly correlated, that means they are essentially only going to give the same answer to everything – they are all going to detect the same things,” he said.
Therefore, deploying extra technology does not necessarily result in better threat detection, and for this reason, McAfee’s technology development typically aims at low correlation with existing technologies.
“If we are considering a new technology that covers what existing technologies already cover, then we dismiss it quickly, unless it is cheaper to produce,” said Grobman.
“Paradoxically, having a lower correlation will result in a higher level of defence because a correlation of zero means that the detection of each technology will be independent from the others.