From prevention to detection: why businesses must shift their security focus

As cyber attacks continue to soar to unprecedented levels, organisations are starting to realise that data breaches are now inevitable.

Indeed, cybercriminals are using increasingly sophisticated tactics and becoming more and more underhand in their techniques, leaving organisations continuously playing cat and mouse in a bid to keep up.

Not long ago, organisations could install a few firewalls and some anti-virus software, and feel confident that those systems would defend them against any attempted attacks. A few years down the line and the same cannot be said.

Today, IT environments have become far more vulnerable as enterprise mobility, cloud, and BYOD have broken down the defensible perimeter and added layers of complexity to securing the enterprise.

>See also: How do you solve a problem like cybercrime?

Organisations therefore need shift the way network security is addressed. On a positive note, they are finally acknowledging that traditional defences are inadequate when faced with today’s rapidly evolving threat landscape.

That’s not to say that these measures don’t have a role to play in defending networks – they do – but on their own they fail to protect from long-term harm.

While the maturity of an organisation’s security can vary dependent on budgets and its own risk tolerances, today’s threat landscape is such that if a hacker wants to get in, they will.

What organisations need is a more proactive approach that focuses on detection rather than prevention, specifically ensuring they have full visibility into their networks so that they can detect and mitigate a threat before any damage has been done.

Headlines over the last year indicate that threats can come from anywhere, including internally, and for any reason. It is therefore important that businesses take a different stance and assume that they will be attacked, and subsequently take the necessary precautions to identify these threats as quickly as possible.

Worryingly, recent research revealed that nearly half of UK organisations that have suffered a data breach took more than four months to detect a problem, and more than three months to mitigate the risk.

This means that their corporate networks were open to the hackers for at least seven months, giving them plenty of time to take what they need.

Having a ‘when, not if’ mindset and putting detection tools in place will ensure that any damage is limited, while investigations into a breach can take place much faster and with greater accuracy.

Detection and response

Effective IT security depends on skilled people, well-defined polices and processes, and a range of integrated technologies. As both the volumes of cyber threats and the sophistication of attack methods continue to grow, security technology is critical in augmenting the human expertise necessary to successfully detect and respond to potentially damaging threats.

Business intelligence has allowed organisations to connect points of seemingly unrelated data to find new opportunities for a number of years. Security intelligence does much the same with threat information, enabling security teams to clearly see any and all threats that matter, so they can respond as quickly and efficiently as possible.

Cyber threats are usually evidenced in underlying forensic data, which consists of the log and machine data being constantly generated by every server, device, application, database and security system deployed across the IT environment.

Additional forensic visibility is achieved by the deployment of targeted forensic sensors that can provide deep visibility across servers, endpoints and entire networks. Within this massive data set are clear indicators of threats, and unlocking the insight contained within this information is key to identifying the threats that could cause damage and present actual risk.

This is the main objective of security intelligence – to delve into the data to deliver the right information at the right time with the appropriate context for the right people – in order to significantly reduce the amount of time it takes to identify and remediate threats.

There are two key metrics that organisations must consider when evaluating their security posture: the mean time it takes to identify threats and the mean time it takes to mitigate threats.

>See also: Britain is paying the price of cybercrime

At present, most organisations operate in a mode where these metrics are measured in weeks or months. It’s therefore not surprising that nearly half of businesses in the UK believe their company should be doing more to improve the time it takes to detect and respond to today’s threats.

Clearly, the more time an intruder is permitted to roam the system undetected, the more damage they can do, leaving an organisation increasingly vulnerable. As such, companies seeking to reduce their cyber security risk need to look to security intelligence in order to reduce the time to hours and days and, in an ideal world, minutes.

Ultimately, the threat landscape is evolving at a pace that many organisations are struggling to keep up with, so it’s more imperative than ever that they ensure they can minimise the impact of a threat when – in all likelihood – one makes its way onto their network.


Sourced from Ross Brewer, VP and MD of international markets, LogRhythm

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Cyber Threats
Data Breach