Make Speed-to-Detection Your Primary Goal

Security decision makers are moving away from threat prevention toward a mindset focused on advanced detection, rapid response and breach remediation.

That's a smart approach for today's fast-changing security landscape. An estimated 90 percent of cyber security budgets are spent on protecting sensitive data, systems and networks from attacks. Perimeter defenses, including firewalls and antivirus clients, are among the most widely used weapons in this battle.

But these approaches can't keep up with the pace of hacker innovation. It's an arms race, and the bad guys are currently one step ahead. Every organization must assume that its perimeter protections have failed and will fail, says Jason Straight, senior VP of cyber-risk solutions at legal-services provider UnitedLex.

Some organizations have tried bolstering perimeter approaches with simple prediction systems, which use pattern-matching to predict when a malicious intrusion is likely. But these systems also create a lot of "false alerts" — notifications that ultimately don’t check out. And at some point, those false alerts start getting ignored, much like the proverbial boy who cried wolf. Consider:

  • Nearly 70 percent of security operations teams spend significant amounts of time chasing false positives, finds a recent Ponemon Institute survey of IT and cyber security professionals.
  • Fewer than one in three (29%) malware alerts ever get investigated, Ponemon’s survey found. Of these, 40% turn out to be false positives.
  • Just over half of organizations need months to detect successful breaches, while another 17% need a year or longer, finds a recent Accenture survey of security executives.
  • More than a third of cyber breaches are discovered not by organizations’ internal security teams, but by "regular" employees and others.

All that leads Elizabeth Kim, a senior research analyst at Gartner, to conclude: "Taking a preventive approach has not been successful in blocking malicious attacks."

Breach Detection

That's why smart security professionals are adding breach detection to their cyber strategies.

One reason breach detection is so important: Much of the damage can occur after a breach. Once hackers get into your network, they can poke around for months — even years — mining valuable data and causing all sorts of damage and chaos.

Detection comes in two main flavors:

  • Endpoint detection and response: EDR tools record numerous endpoint and network events, then store this information either locally on the endpoint or in a centralized database. They use this data to continuously search for breaches — including attacks by insiders — and rapidly respond to attacks.
  • Managed detection and response: MDR adds help from a managed service provider. This helps internal IT groups that lack the manpower, skills, budget and other resources to do it themselves.

Gartner expects both types of detection to grow rapidly, due to the emerging imperative to detect potential breaches and react faster.

Smarter Machines

Machine learning can help, too. Detecting security breaches has been likened to finding the proverbial needle in a haystack. A large organization may need to monitor literally millions of connections over thousands of servers, far exceeding the capabilities of its human teams.

Masergy offers several detection approaches to keep your networks and systems safe:

  • Security Control Center staffed by security experts who monitor your network 24x7 to help you detect, investigate and stop threats.
  • Network Behavioral Analysis uses raw packet information to detect early-threat activity.
  • Emergent Behavior Detection employs Masergy's advanced, patent-pending machine-learning technology to detect unknown behaviors in network traffic.
  • APT Management detects advanced persistent threats when a user's infected device behaves abnormally.

To learn more about threat detection, listen to our webinar: "Prevention vs. Detection: The Art of Cyber War."

About Mike Stute

Chief Scientist, Masergy
Mike Stute is Chief Scientist at Masergy Communications and is the chief architect of the Unified Enterprise Security network behavioral analysis system. As a data scientist, he is responsible for the research and development of deep analysis methods using machine learning, probability engines, and complex system analysis in big data environments. Mike has over 22 years of experience in information systems security and has developed analysis systems in fields such as power generation, educational institutions, biotechnology, and electronic communication networks.