Why detection and response holds the key to corporate data protection

3 reasons why prevention is pointless unless it’s tied to a detection and response capability

Picture: Steve Jurvetson, Flickr

There’s no guarantee your business will never be hacked. Ransomware attacks and data exfiltration are plaguing Australia’s IT landscape. At the same time, a lack of visibility into hidden threats within IT infrastructure is making local organisations more vulnerable than we dare to think. Almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. Businesses with the most complex data are falling victim to security hacks – look no further than recent DDoS attacks and the Mirai botnet.

Without advanced threat detection, attacks are often months or years old by the time they are discovered. Findings from FireEye's M-Trends 2016 report show the average number of days to detection is 146, and that 53 percent of attacks are detected externally, on average at 320 days.

The quicker your business detects anomalies in your infrastructure, the better. Enterprises are changing security spending strategies, moving away from prevention-only to focus on detection and response. This shift in approach comes as spending on security is expected to reach US$90 billion in 2017, according to Gartner.

These findings support the idea that prevention is pointless unless it’s tied to a detection and response capability. Let’s take a closer look at three factors that are contributing to this shift in mindset:

1. Making sense of data

This will improve the security posture of your organisation. More often than not, organisations are generating vast amounts of security-relevant data. Monitoring and analysing that data is integral to gaining insight into what is happening across your network and, most importantly, to detecting threats.

Advanced analytics are key to producing insights from large volumes of data. Traditional security information and event management (SIEM) solutions often struggle to keep pace with the ever-increasing volume and variety of data produced in today's corporate environment. Data that is not collected within these systems creates a 'blind spot' that inhibits the effectiveness of your security team and limits the potential insights for your business. The key benefit of modern analytics platforms is the ability to apply analytics and machine learning across a single data set for use by both business and security teams.

2. Better, faster decisions during security incidents

Once you detect a threat within your environment, appropriate response is vital. Threat actors today move much faster than any security person could respond with manual tools. Analytics and automation platforms are the essential tools for incident responders as they track, contain, and mitigate multi-vector threats.

This is where the power of security analytics and machine learning comes in. For example, machine learning can detect anomalies in data in real time. Used either on its own or in combination with a traditional SIEM, this reduces complexity and provides a more timely response, again saving resources and time.
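To make the "anomalies in real time" point concrete, here is an added example (not code from the article or from Splunk) of the simplest form such detection takes: a streaming detector that keeps a running per-host baseline of outbound bytes per interval and flags an interval that lands far outside it, which is the kind of burst a smash-and-grab exfiltration produces. The log format, host names, byte counts and thresholds are all constructed for this example; a host with too little history is deliberately not scored, so a new machine does not trigger alerts before a baseline exists.

```python
"""Streaming baseline-and-deviation anomaly detection over per-host outbound bytes.

Added example, not the article's or Splunk's code. The log line format
("<timestamp> host=<name> bytes_out=<int>") and all values are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
import math

MIN_SAMPLES = 5    # do not score a host until it has this much history
THRESHOLD_Z = 3.0  # alert when an interval exceeds mean + 3 standard deviations


@dataclass
class HostBaseline:
    """Running mean and variance of one host's outbound bytes (Welford's method)."""
    count: int = 0
    mean: float = 0.0
    m2: float = 0.0  # running sum of squared deviations from the mean

    def update(self, x: float) -> None:
        self.count += 1
        delta = x - self.mean
        self.mean += delta / self.count
        self.m2 += delta * (x - self.mean)

    def stddev(self) -> float:
        if self.count < 2:
            return 0.0
        return math.sqrt(self.m2 / (self.count - 1))


class StreamingDetector:
    """Scores each interval against the host's history as events arrive, one at a time."""

    def __init__(self) -> None:
        self.baselines: dict[str, HostBaseline] = defaultdict(HostBaseline)

    def observe(self, ts: str, host: str, bytes_out: int):
        base = self.baselines[host]
        if base.count >= MIN_SAMPLES:
            sd = base.stddev()
            if sd > 0:
                z = (bytes_out - base.mean) / sd
            else:  # perfectly flat history: any increase is a deviation
                z = math.inf if bytes_out > base.mean else 0.0
            if z > THRESHOLD_Z:
                # Return the alert without folding this interval into the baseline,
                # so one burst cannot raise the bar for the next one.
                return {"ts": ts, "host": host, "bytes_out": bytes_out,
                        "baseline_mean": round(base.mean), "z": z}
        base.update(bytes_out)
        return None


def parse_line(line: str) -> tuple[str, str, int]:
    """Parse the constructed 'ts host=... bytes_out=...' format."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv["host"], int(kv["bytes_out"])


def run(lines) -> list:
    """Feed lines through the detector in order; return the alerts raised."""
    detector = StreamingDetector()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, host, bytes_out = parse_line(line)
        alert = detector.observe(ts, host, bytes_out)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample: srv01 moves ~1 MB per 5-minute interval, then suddenly 50 MB.
# srv02 has only two intervals of history, so its large value is not scored yet.
SAMPLE_LOG = """
2017-03-01T10:00:00Z host=srv01 bytes_out=1000000
2017-03-01T10:05:00Z host=srv01 bytes_out=1050000
2017-03-01T10:10:00Z host=srv01 bytes_out=980000
2017-03-01T10:15:00Z host=srv01 bytes_out=1020000
2017-03-01T10:20:00Z host=srv01 bytes_out=990000
2017-03-01T10:25:00Z host=srv01 bytes_out=1010000
2017-03-01T10:30:00Z host=srv01 bytes_out=50000000
2017-03-01T10:30:00Z host=srv02 bytes_out=500000
2017-03-01T10:35:00Z host=srv02 bytes_out=80000000
""".splitlines()

if __name__ == "__main__":
    for a in run(SAMPLE_LOG):
        print(f"ALERT {a['ts']} {a['host']}: {a['bytes_out']} bytes "
              f"(baseline ~{a['baseline_mean']}, z={a['z']:.0f})")
```

The design choice worth noting is that scoring happens before the baseline is updated, and a flagged interval is never added to the history; otherwise a sustained exfiltration would gradually become the new normal. A real platform would add per-hour or per-weekday baselines and cross-check the burst against other sources (authentication, DNS, proxy logs) before raising an incident, which is the correlation across a single data set the article describes.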

3. Hackers change behaviour and you should too

When an attacker hacks your network, they’ll change techniques if they realise they’ve been discovered. They’ll most likely use a team armed with highly automated tools to do a smash-and-grab – snatching data off your network as quickly as possible. You need to adapt your response in the heat of the action. This is particularly vital for organisations storing sensitive information, such as finance and healthcare companies.

Using an adaptive response technology, you’re able to do just that. A connected nerve system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, helping their security team to work faster and with more agility. This is especially crucial when attempting to outsmart teams of hackers.

As IT security threats evolve exponentially, remember that you can’t stop a highly determined attacker from targeting your data. However, with the right security solutions, you can make your organisation an extremely difficult target.

Simon Eid is Area Vice President, Splunk ANZ

PC World