Prioritizing Your Cybersecurity Investments: Detection vs. Prevention
Cybersecurity is on the mind of every business. From retailers to municipalities and financial services companies, no organization is off-limits to unethical cybercriminals intent on inflicting damage and stealing valuable intellectual property. News accounts of intrusions are plentiful and well-publicized. Just recently, international hackers have been suspected of shutting down over 900k routers in Germany, possibly impacting 20 million users.
Detecting intrusions into enterprise networks and data theft is one consideration. But how do companies determine the best use of limited technology budgets: preventing intrusions, or detecting them when they occur?
Prevention: Priority or pipe dream?
According to Steve Ranger at ZDNet, IT spending trends indicate an increased focus on the detection of intrusions, with spending on threat detection and security incident response software rising 15.8% in the last year. This is likely a response to cybercriminals’ increasingly sophisticated tactics for infiltrating business networks.
Increasingly, intrusions take the form of ransomware or phishing attempts designed to lure employees into clicking legitimate-looking links or opening documents that actually infect computers and servers with malware, which then spreads through the network stealing information and even deleting data or files. Making things worse, detection systems can generate a large volume of false-positive alerts, which response teams find difficult to organize and manage. For these reasons and more, prevention alone is not enough.
In the never-ending struggle between cybercriminals and IT security professionals, it’s important to remember that we must strike a balance between detection and prevention. In order to succeed, hackers need only find a single vulnerability they can exploit. On the other hand, security operations centers need to be constantly vigilant, responding to security alerts and running tests to uncover unknown vulnerabilities.
Striking a balance between detection & prevention
Digital Guardian experts point to the generally recognized security belief that, sooner or later, some undesirable element will gain access to your network or servers. Today, IT budgets are more focused on preventing access, because cloud-based enterprise applications and mobile devices open doors to cyber attacks that did not exist in the past.
Businesses today need to first take inventory of digital assets and their location. This helps determine the effectiveness of investing large sums in prevention. Reasonable due diligence to prevent intrusions is certainly still necessary, providing a good first line of defense for the enterprise. But increasingly, that is not enough for total protection.
As enterprises expand across global networks and incorporate personal devices into their business systems, additional vulnerabilities will continue to proliferate. This makes detection and isolation all the more critical for organizations. Since much data theft and unauthorized access to data takes place from within the network, detection seems an even more logical use of corporate funds.
Detection and incident response plans are increasingly critical for identifying intrusion sources, containing the impact, and resolving the incident. Incident case management is also an important component of an effective cyber defense plan: it gives subsequent investigations the information needed to perform detailed analysis and identify commonalities across incidents.
While both prevention and detection are critical components of an effective cybersecurity incident management plan, the trend is beginning to swing toward a blend with an emphasis on detection and incident management.
PricewaterhouseCoopers conducted a survey of 10,000 businesses and found they had suffered a combined 59 million attacks over the last twelve months. With one attack every few seconds, it’s no longer a question of whether you’ll find a vulnerability, but when.
In this worsening environment, organizations are forced to invest both in more sophisticated detection that can distinguish the threats that need the attention of security staff, and in prevention to cope with the increased volume of attacks.
CyberSponse Security Orchestration and Automation
CyberSponse provides businesses with an orchestrated and automated solution to cybersecurity incidents, threats, and alerts. Founded in 2011, CyberSponse developed the first and most mature full-function security management system, offering:
- Automated security incident response
- More efficient SOC processes while managing incident response plans
- Real-time data collection and analysis of security alerts
- Recovery of massive amounts of time otherwise lost to alert noise and broken processes
CyberSponse gives clients the flexibility to implement our technology on-premises or as a cloud offering.