In his latest article for SecurityWeek, Core Security's CEO, Mark Hatton, talks about Predictive vs. Proactive security and uses the snow storm in Atlanta last week as an example.

On Tuesday, a rare weather phenomenon mixed with poor planning and an overdependence on cars conspired to create a perfect storm ~ CNN

Last week I spent the better part of an hour talking with my brother-in-law about his 22 hour ordeal of being stuck on an Atlanta highway in complete gridlock. As a native New Englander, it is practically inconceivable to me that just a couple of inches of snow and ice could have such a dramatic effect on a major metropolitan area. But that is exactly what happened. The city was brought to its knees and commuters, students, and anyone unlucky enough to be on the road found themselves in an event that reads more like the script from a bad TV movie.

 Didn’t they know this was coming, I asked? “Yeah,” he replied, “They knew it was coming, but by the time they reacted and got the salt trucks on the road it was too late.” As I hung up the phone I was still trying to reconcile how you could be aware of a major event taking place, and yet still be powerless to do anything about it. And only in the South would two inches of snow qualify as major, but that’s beside the point. A side effect of having spent more than 20 years in the security space is that you start viewing everything through the lens of security and how it compares to the way we do things in the security world. So the more I thought about the Atlanta example, the clearer it became that the predictive argument that we’ve been making for the past couple of years is only part of the equation.

While predictive remains a critical component of any competent security program, the question remains, what are you going to do with this information? When you think about it, the folks down in Atlanta who have responsibility for maintaining the roadways had some pretty strong predictive data, but failed to be proactive and do anything with it, leading to a commuting disaster of historical proportions. Predictive security narrows the scope considerably and helps IT and security pros zero-in on the most likely vulnerabilities and areas most-at-risk due to the sensitive nature of the data they hold. However, this information alone is not enough to counter the threats that are out there. As we saw in our Atlanta example, information only holds value if you put it into action. So while predictive security is the first step, proactive security is the direction in which we need to be viewing our security efforts. To read the complete article please visit SecurityWeek at: