INTELLIGENT ENTERPRISE SECURITY
Mazen Dohaji, Regional
Director for the Middle
East, Turkey and Africa at
LogRhythm talks about how
to prevent data breaches by
reducing time to detect and
respond to threats.
Evolving threat detection and
response cyber strategies
Globally, sophisticated cyber attacks
are compromising organisations
at an unprecedented rate and
with devastating consequences. Modern
attackers, including criminal organisations,
ideological groups, nation states and other
advanced threat actors are motivated by
a wide range of objectives that include
financial gain, industrial espionage, cyber-
warfare and terrorism. These attacks are
often very expensive for compromised
organisations, costing each company an
average of $7.7 million.
The odds that your organisation will
be compromised are high. In fact, a
recent report indicates that 76 per cent of
surveyed organisations were compromised
in 2016. It is against this backdrop that
organisations increasingly expect that it’s
not if they will be compromised, but rather
when they will be compromised.
A new approach is required
The traditional approach to cybersecurity
has been to use a prevention-centric
strategy focused on blocking attacks.
While prevention-centric approaches
do stop many threats, many of today’s
advanced and motivated threat actors
are circumventing these defences with
creative, stealthy, targeted and persistent
attacks that often go undetected for
significant periods of time.
In response to the shortcomings of
prevention-centric security strategies and
the challenges of securing an increasingly
complex and open IT environment, many
organisations are progressively shifting
their resources and focus towards
strategies centred on threat detection
and response. Analyst Gartner estimates
that by 2020, 60 per cent of enterprise
information security budgets will be
allocated for rapid detection and response
approaches, up from less than 20 per cent
in 2015. Security teams that are able to
reduce their mean time to detect (MTTD)
and mean time to respond (MTTR)
can materially decrease their risk of
experiencing a high-impact cyber incident
or data breach.
Unfortunately, the growing complexity
of IT and an increasingly hostile threat
landscape have made it challenging to
realise reductions in MTTD and MTTR.
Most organisations are struggling to keep
up with the volume of security alerts,
many of them false positives or of low
quality. These challenges are evidenced
when looking at recent data breaches.
Too often, the time it took for the affected
organisation to discover and respond to the
data breach was measured in months and,
in some cases, years.
Issue 08
INTELLIGENT TECH CHANNELS