By David Venable, Vice President of Cyber Security
The world of cyber security is a complex battleground. The attack surface is spreading as a result of the growing number of connected devices and malicious apps, the Internet of Things (IoT), cloud services and the digitization of business functions.
Keeping the bad guys out is no longer an option. It’s time for organizations to turn to rapid detection and response. By 2020, 60 percent of enterprise IT security budgets will be allocated to managed detection and response (MDR). That’s up from less than 30 percent in 2016, according to Gartner.
Companies are planning to spend more on MDR because attackers are getting in and the goal is to catch them before they can do much damage. The average dwell time, or the days between when a compromise is detected and then mitigated, is around 200 days. And close to 70 percent of breaches are discovered by third parties.
The long-term impacts of cyber breaches are many. Once inside a company’s network, hackers can gain persistence by installing backdoors and rootkits across several systems. From there, they can expand access across internal resources and eventually exfiltrate data. Attack delivery tends to happen quickly in the cyber kill chain, which includes reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
Kudos to businesses whose security prevention tools are able to detect and thwart such incursions in any of these stages. Security experts will agree, though, that prevention alone isn’t enough to keep enterprises safe. NIST’s Cyber Security Framework identifies five categories of activities, of which prevention is only one.
Businesses that practice prevention without corresponding detection can never be sure that the most critical security issues have been addressed. What they need is a rebalancing exercise as detection and response capabilities will often pay significant dividends in terms of identifying and neutralizing an active threat before it has a chance to do significant damage. And make no mistake – a determined attacker will eventually get into your network.
“Organizations are increasingly focusing on detection and response because taking a preventive approach has not been successful in blocking malicious attacks,” says Elizabeth Kim, Senior Research Analyst at Gartner. “We strongly advise businesses to balance their spending to include both.” During the command and control phase of the kill chain, malware is installed and covert network channels are established to evade detection. The software roams the network looking for targets from which to exfiltrate data or to find even more targets. This period presents an opportunity for rapid detection and response to shut these activities down.
HIRE THE EXPERTS
Staffing shortages shoulder part of the blame for businesses not being able to detect and react to threats in a timely manner. Security spending will increasingly focus on services in the face of growing threats. It’s especially challenging for mid-sized organizations to put the people, processes and technology in place for rapid detection. Managed security providers have the ability to scale quickly and provide 24/7 monitoring. They also have the personnel expertise to analyze threat behaviors and advise IT departments on the most effective remediation efforts. Masergy provides a unique combination of behavioral analytics, continuous monitoring and security expertise to help IT departments deal with the growing threat landscape.
David Venable, Vice President of Cyber Security at Masergy Communications, has over 15 years’ experience in information security, with expertise in cryptography, network and application security, vulnerability assessments, penetration testing, and compliance. David is a former intelligence collector with the National Security Agency, with extensive experience in Computer Network Exploitation, Information Operations, and Digital Network Intelligence. He also served as adjunct faculty at the National Cryptologic School.