Why detection and response holds the key to corporate data protection

3 reasons why prevention is pointless unless it’s tied to a detection and response capability

Picture: Steve Jurvetson, Flickr

There’s no guarantee your business will never be hacked. Ransomware attacks and data exfiltration are plaguing Australia’s IT landscape. At the same time, a lack of visibility into hidden threats within IT infrastructure is making local organisations more vulnerable than we dare to think. Almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. Businesses with the most complex data are falling victim to security hacks – look no further than recent DDoS attacks and the Mirai botnet.

Without advanced threat detection, attacks are often months or years old by the time they are discovered. Findings from the FireEye M-Trends Report 2016 show the average number of days to detection is 146, and that 53 percent of attacks are detected externally, on average at 320 days.

The quicker your business detects anomalies in your infrastructure, the better. Enterprises are changing security spending strategies, moving away from prevention-only to focus on detection and response. This shift in approach comes as spending on security is expected to reach US$90 billion in 2017, according to Gartner.

These findings support the idea that prevention is pointless unless it’s tied to a detection and response capability. Let’s take a closer look at three factors that are contributing to this shift in mindset:

1. Making sense of data

Making sense of data will improve the security posture of your organisation. More often than not, organisations are generating vast amounts of security-relevant data. Monitoring and analysing data is integral to gaining insight into what is happening across your network, and most importantly, detecting threats.

Advanced analytics are key to producing insights from large volumes of data. Traditional security information and event management (SIEM) solutions often struggle to keep pace with the ever-increasing volumes of data, and the variety of data produced in today’s corporate environment. Data which is not collected within these systems creates a ‘blind spot’ which inhibits the effectiveness of your security team, and limits the potential insights for your business. The key benefit of modern analytics platforms is the ability to leverage analytics and machine learning capabilities across a single data set for use by both business and security teams.

2. Better, faster decisions during security incidents

Once you detect a threat within your environment, appropriate response is vital. Threat actors today move much faster than any security person could respond with manual tools. Analytics and automation platforms are the essential tools for incident responders as they track, contain, and mitigate multi-vector threats.

This is where the power of security analytics and machine learning comes in. For example, machine learning detects data anomalies in real time. Used either on its own or in combination with a traditional SIEM, this reduces complexity and provides a more timely response, again saving resources and time.

3. Hackers change behaviour and you should too

When an attacker hacks your network, they’ll change techniques if they realise they’ve been discovered. They’ll most likely use a team armed with highly automated tools to do a smash-and-grab – snatching data off your network as quickly as possible. You need to adapt your response in the heat of the action. This is particularly vital for organisations storing sensitive information, such as finance and healthcare companies.

Using an adaptive response technology, you’re able to do just that. A connected nerve system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, helping their security team to work faster and with more agility. This is especially crucial when attempting to outsmart teams of hackers.

As IT security threats evolve exponentially, remember that you can’t stop a highly determined attacker from targeting your data. However, with the right security solutions, you can make your organisation an extremely difficult target.

Simon Eid is Area Vice President, Splunk ANZ

PC World