Computerworld

Why detection and response holds the key to corporate data protection

3 reasons why prevention is pointless unless it’s tied to a detection and response capability
Picture: Steve Jurvetson, Flickr

There is no guarantee your business will never be hacked. Ransomware attacks and data exfiltration are plaguing Australia’s IT landscape. At the same time, a lack of visibility into threats already hidden inside IT infrastructure is leaving local organisations more exposed than we dare to think. Almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. Even well-resourced businesses holding the most complex data are falling victim: look no further than the recent large-scale DDoS attacks launched from the Mirai botnet of compromised internet-connected devices.

Without advanced threat detection, an intrusion is often months or years old by the time it is discovered. The FireEye M-Trends Report 2016 puts the median time from compromise to discovery at 146 days, and finds that 53 percent of compromises were first discovered by an external party rather than the victim; for those externally notified organisations the median was 320 days.

The quicker your business detects anomalies in its infrastructure, the less time an attacker has to do damage. Enterprises are changing their security spending strategies, moving away from a prevention-only posture to fund detection and response. This shift comes as worldwide spending on security is expected to reach US$90 billion in 2017, according to Gartner.

These findings support the idea that prevention is pointless unless it’s tied to a detection and response capability. Let’s take a closer look at three factors that are contributing to this shift in mindset:

1. Making sense of data

Making sense of the data you already hold improves the security posture of your organisation. Most organisations generate vast amounts of security-relevant data: logs from endpoints, network devices, identity systems and applications. Monitoring and analysing that data is integral to understanding what is happening across your network and, most importantly, to detecting threats.

Advanced analytics are key to producing insights from large volumes of data. Traditional security information and event management (SIEM) solutions often struggle to keep pace with the ever-increasing volume and variety of data produced in today’s corporate environment. Any data source that is not collected into these systems becomes a blind spot: a user or host that never appears in the data cannot be baselined, monitored or investigated, which limits the effectiveness of your security team and the insights available to the business. The key benefit of modern analytics platforms is the ability to apply analytics and machine learning across a single data set shared by both business and security teams.

2. Better, faster decisions during security incidents

Once you detect a threat within your environment, an appropriate response is vital. Threat actors today move much faster than any analyst can respond with manual tools. Analytics and automation platforms are essential for incident responders as they track, contain and mitigate threats that span several vectors at once.

This is where the power of security analytics and machine learning comes in. For example, statistical and machine-learning models can flag deviations from a user’s or host’s own normal behaviour as events arrive, rather than waiting for an analyst to write a rule for every known attack. Used on its own or alongside a traditional SIEM, this approach reduces complexity and shortens the time to a decision, saving both resources and time.

3. Hackers change behaviour and you should too

When an attacker is inside your network and realises they have been discovered, they will change techniques. Most likely they will switch to a smash-and-grab, using a team armed with highly automated tools to snatch data off your network as quickly as possible. You need to adapt your response in the heat of the action. This is particularly vital for organisations storing sensitive information, such as finance and healthcare companies.

Adaptive response technology lets you do just that. A connected nervous system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, so that an alert from one source can be confirmed or discounted by evidence from another, helping the security team work faster and with more agility. This is especially crucial when trying to outsmart teams of attackers.
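The three ideas above (baselining behaviour from collected data, flagging anomalies as events arrive, and correlating across sources before choosing a response) can be shown end to end in a few dozen lines. The following is an added illustration written for this page; it is not code from the article, from Splunk or from any product. It assumes two constructed log feeds (a web proxy log with per-user outbound bytes and a VPN log with logins), an assumed corporate address range of 10.0.0.0/8, and a per-user z-score threshold of 3 over at least five prior days; all log lines are made up for the example.

```python
"""Baseline, detect and correlate over two constructed log sources.

Added example, not from the article or from Splunk. Each user's daily
outbound volume is scored against that user's own earlier days; anomalies
are then correlated with same-day VPN logins from outside the (assumed)
corporate range so that a response can be chosen automatically. Users who
log in but never appear in the proxy feed are reported as blind spots.
"""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: ISO timestamp, user, destination, bytes sent.
PROXY_LOG = """\
2017-03-01T09:12:00Z alice crm.example.net 110000
2017-03-02T09:30:00Z alice crm.example.net 125000
2017-03-03T10:05:00Z alice crm.example.net 98000
2017-03-04T09:50:00Z alice crm.example.net 132000
2017-03-05T09:40:00Z alice crm.example.net 117000
2017-03-06T09:10:00Z alice crm.example.net 104000
2017-03-07T09:45:00Z alice crm.example.net 121000
2017-03-08T02:17:00Z alice 203.0.113.45 48000000
2017-03-01T09:00:00Z bob wiki.example.net 300000
2017-03-02T09:05:00Z bob wiki.example.net 310000
2017-03-03T09:02:00Z bob wiki.example.net 290000
2017-03-04T09:07:00Z bob wiki.example.net 305000
2017-03-05T09:01:00Z bob wiki.example.net 295000
2017-03-06T09:04:00Z bob wiki.example.net 300000
2017-03-07T09:03:00Z bob wiki.example.net 310000
2017-03-08T09:06:00Z bob wiki.example.net 298000
"""

# Constructed VPN log: ISO timestamp, user, source IP, result.
VPN_LOG = """\
2017-03-07T09:40:00Z alice 10.20.31.12 success
2017-03-08T02:03:00Z alice 198.51.100.7 success
2017-03-08T08:55:00Z bob 10.20.30.40 success
2017-03-08T08:10:00Z carol 10.20.30.41 success
"""

CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed corporate range


def parse_log(text, fields):
    """Split whitespace-delimited lines into dicts; the timestamp becomes a datetime."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows


def daily_totals(proxy_rows):
    totals = defaultdict(int)
    for r in proxy_rows:
        totals[(r["user"], r["ts"].date())] += int(r["bytes"])
    return totals


def detect_volume_anomalies(proxy_rows, min_history=5, z_threshold=3.0):
    """Score each user-day only against that user's earlier days (no peeking ahead)."""
    totals = daily_totals(proxy_rows)
    history = defaultdict(list)
    anomalies = []
    for user, day in sorted(totals, key=lambda k: (k[1], k[0])):
        value = totals[(user, day)]
        prior = history[user]
        if len(prior) >= min_history:
            mean = statistics.mean(prior)
            # Floor the spread so a perfectly flat baseline cannot divide by zero
            # or turn trivial day-to-day jitter into an alert.
            spread = max(statistics.stdev(prior), 0.05 * mean)
            z = (value - mean) / spread
            if z > z_threshold:
                anomalies.append({"user": user, "day": day, "bytes": value, "z": round(z, 1)})
        history[user].append(value)
    return anomalies


def correlate(anomalies, vpn_rows):
    """Attach same-day logins and single out those from outside the corporate range."""
    findings = []
    for a in anomalies:
        logins = [v for v in vpn_rows if v["user"] == a["user"] and v["ts"].date() == a["day"]]
        offnet = [v["src_ip"] for v in logins
                  if not any(ipaddress.ip_address(v["src_ip"]) in n for n in CORPORATE_NETS)]
        findings.append({**a, "logins": len(logins), "offnet_sources": offnet})
    return findings


def recommend_action(finding):
    """Escalate to containment only when two independent sources agree."""
    return "contain" if finding["offnet_sources"] else "investigate"


def blind_spots(proxy_rows, vpn_rows):
    """Users seen logging in but absent from the proxy feed cannot be baselined at all."""
    return sorted({v["user"] for v in vpn_rows} - {r["user"] for r in proxy_rows})


def run():
    proxy = parse_log(PROXY_LOG, ["ts", "user", "dest", "bytes"])
    vpn = parse_log(VPN_LOG, ["ts", "user", "src_ip", "result"])
    findings = correlate(detect_volume_anomalies(proxy), vpn)
    for f in findings:
        f["action"] = recommend_action(f)
    return {"findings": findings, "blind_spots": blind_spots(proxy, vpn)}


if __name__ == "__main__":
    import json
    print(json.dumps(run(), default=str, indent=2))
```

Run as a script it reports one finding (alice, 8 March, tens of thousands of standard deviations above her own baseline, with a same-day login from 198.51.100.7 outside the corporate range, hence "contain") and one blind spot (carol, who logs in but never appears in the proxy feed). Two design choices matter in practice: the baseline is per user and strictly historical, so a single noisy day does not contaminate its own score, and the response is only escalated when a second, independent source corroborates the anomaly, which is what keeps an automated action from being triggered by one misconfigured log source.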

As IT security threats continue to evolve, remember that you cannot stop a highly determined attacker from targeting your data. With the right detection and response capability, however, you can make sure they are found and contained quickly, and make your organisation an extremely difficult target.

Simon Eid is Area Vice President, Splunk ANZ