​Why detection and response holds the key to corporate data protection

3 reasons why prevention is pointless unless it’s tied to a detection and response capability

Picture: Steve Jurvetson, Flickr

Picture: Steve Jurvetson, Flickr

There’s no guarantee your business will never be hacked. Ransomware attacks and data exfiltration are plaguing Australia’s IT landscape. At the same time, a lack of visibility into hidden threats within IT infrastructure is making local organisations more vulnerable than we dare to think. Almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. Businesses with the most complex data are falling victim to security hacks – look no further than recent DDoS attacks and the Mirai botnet.

Without advanced threat detection, attacks are often months or years old by the time they are discovered. Findings from FireEye M-Trends Report 2016 show the average number of days to detection is 146, and that 53 percent of attacks are detected externally, on average at 320 days.

The quicker your business detects anomalies in your infrastructure, the better. Enterprises are changing security spending strategies, moving away from prevention-only to focus on detection and response. This shift in approach comes as spending on security is expected to reach US$90 billion in 2017, according to Gartner.

These findings support the idea that prevention is pointless unless it’s tied to a detection and response capability. Let’s take a closer look at three factors that are contributing to this shift in mindset:

1. Making sense of data

This will improve the security posture of your organisation. More often than not, organisations are generating vast amounts of security-relevant data. Monitoring and analysing data is integral to gaining insight to what is happening across your network, and most importantly, detecting threats.

Advanced analytics are key to producing insights from large volumes of data. Traditional security information and event and management (SIEM) solutions often struggle to keep pace with the ever increasing volumes of data, and the variety of data produced in today’s corporate environment. Data which is not collected within these systems creates a ‘blind spot’ which inhibits the effectiveness of your security team, and limits the potential insights for your business. The key benefit of modern analytics platforms is the ability to leverage analytics and machine learning capabilities across a single data set for use by both business and security teams.

2. Better, faster decisions during security incidents

Once you detect a threat within your environment, appropriate response is vital. Threat actors today move much faster than any security person could respond with manual tools. Analytics and automation platforms are the essential tools for incident responders as they track, contain, and mitigate multi-vector threats.

This is where the power of security analytics and machine learning comes in. For example, machine learning detects data anomalies in real time. This used either on its own or in combination with a traditional SIEM reduces complexity and provides a more timely response, again saving resources and time.

3. Hackers change behaviour and you should too

When an attacker hacks your network, they’ll change techniques if they realise they’ve been discovered. They’ll most likely use a team armed with highly automated tools to do a smash-and-grab – snatching data off your network as quickly as possible. You need to adapt your response in the heat of the action. This is particularly vital for organisations storing sensitive information, such as finance and healthcare companies.

Using an adaptive response technology, you’re able to do just that. A connected nerve system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, helping their security team to work faster and with more agility. This is especially crucial when attempting to outsmart teams of hackers.

As IT security threats evolve exponentially, remember that you can’t stop a highly determined attacker from targeting your data. However, with the right security solutions, you can make your organisation an extremely difficult target.

Simon Eid is Area Vice President, Splunk ANZ

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags network securitysplunkbusiness

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Simon Eid

PC World
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Latest Articles


PCW Evaluation Team

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?