Threat Prevention is No Longer Enough to Protect Your Business

Louie Hollmeyer, Director of Marketing, ATC

Content provided by Louie Hollmeyer, ATC, and curated by Masergy, an ATC service provider.

The world of cyber security is an asymmetric battleground. The attack surface is expanding as a result of the growing number of connected devices, malicious apps, the Internet of Things (for instance smart refrigerators, coffee makers and other devices), cloud services and the digitization of business functions.

Keeping the bad guys out is no longer an option. It’s time for organizations to turn to rapid detection and response.

By 2020, 60 percent of enterprise IT security budgets will be allocated to managed detection and response (MDR). That’s up from less than 30 percent in 2016, according to Gartner.

Companies are planning to spend more on MDR because attackers are getting in and the goal is to catch them before they can do much damage. The average dwell time, the days between when a compromise is detected and then mitigated, is around 200 days. And close to 70 percent of breaches are discovered by third parties.

The long-tail impacts of cyber breaches are many. Once inside a company’s network, hackers can gain persistence by installing backdoors and rootkits across several systems. From there, they can expand access across internal resources and eventually exfiltrate data.

Attack delivery tends to happen quickly in the cyber kill chain, which includes reconnaissance, weaponization, delivery, exploit, installation, command and action. Kudos to businesses whose security prevention tools catch such incursions in any of these stages and stop them cold. But security experts agree that prevention alone isn’t enough to keep businesses safe.

Businesses Should Recalibrate

Businesses that invest in prevention without corresponding detection can never be sure that the most critical issues have been addressed. A rebalancing exercise is needed. Detection and response capabilities will typically pay significant dividends in terms of identifying and neutralizing an active threat before it has a chance to do significant damage. And make no mistake: a determined attacker will eventually get into your network.

Organizations are increasingly focusing on detection and response because taking a preventive approach has not been successful in blocking malicious attacks, said Elizabeth Kim, Senior Research Analyst at Gartner. “We strongly advise businesses to balance their spending to include both.”

During the command and control phase of the kill chain, malware is installed and covert network channels are established to evade detection. The software roams the network looking for targets from which to exfiltrate data or to find even more targets. This period presents an opportunity for rapid detection and response to shut these activities down.

Hire the Experts

Staffing shortages take part of the blame for businesses not being able to detect and react to threats in a timely manner. Security spending will increasingly focus on services in the face of growing threats.

It’s especially challenging for mid-sized organizations to put the people, processes and technology in place for rapid detection. Managed security providers (MSPs) are a viable alternative for resource-constrained organizations. MSPs can scale quickly and provide 24/7 monitoring. They also have the personnel and expertise to analyze threat behaviors and advise IT departments on the most effective remediation efforts.

No business is immune to cyber-attacks, neither large nor small. Make sure you’re adequately protected from attacks above and beyond threat prevention.