Focus On Detection, Not Just Prevention

The cyber threat landscape is transforming rapidly on a daily basis. Attacks are becoming more sophisticated, and security mechanisms are, at best, struggling to keep up and, at worst, woefully inadequate when it comes to dealing with these threats. This is one of the reasons why the rate of cyber crimes has increased exponentially. According to Identity Theft Resource Center (ITRC) statistics, the first five months of 2016 saw a total of 430 data breaches in the US alone. And this does not include the MySpace, Tumblr and LinkedIn announcements last week.

One of the major reasons why many businesses fail at cyber security is that they focus on only half of the problem. Most of an organization’s cyber security budget is assigned to prevention mechanisms, and not enough goes into detection. This is also mostly due to the FUD factor that the current vendor landscape focuses on. Perhaps this is the reason why, according to EY’s Global Information Security Survey, more than one third of organizations are utterly incapable of detecting a sophisticated cyber attack.

Hackers and cyber criminals are fully aware of this glaring shortcoming, and they’re leaving no stone unturned to exploit it. They are constantly in search of innovative ways to breach an organization’s prevention mechanisms. This is what makes the attacks even more devastating. Relying on a variety of attack vectors, these criminals are bigger threats than ever before. And what’s even more surprising is that many of these sophisticated attacks simply go undetected until severe damage is done.

This is why your organization must stop relying primarily on prevention mechanisms. Firewalls, antivirus software, secure gateways, and intrusion prevention systems can only take you so far. If you think your organization is fully capable of dealing with cyber threats through preventive mechanisms alone, you are living in the dark. Continuous monitoring and threat detection mechanisms are some of the innovations you will need to implement.

The difference between detection and prevention

Detection and prevention are, to some extent, similar mechanisms. The tools they require are similar and many managed security services providers offer both. While prevention mechanisms are designed to block incoming threats, detection mechanisms are designed to locate and identify potential threats.

Simply put, if you want maximum security, you need to realize that you cannot protect your organization from all cyber attacks. Even if you could, that would require considerably more resources than you can assign to cyber security. That’s why it’s more realistic to assume that many threats will easily pass through your prevention systems.

When it comes to threat detection, you must stay up to date with the current trends in the threat landscape. Gathering cyber intelligence is integral to the functioning of the whole process. And if your organization does not have the capability of monitoring patterns of vulnerability across networks, there is always the option to seek assistance from managed security service providers (MSSPs).

Maintaining the balance

Many industry analysts now claim that since the nature of the threats is too sophisticated to be prevented, detection must be your organization’s top priority. This is a dangerous trend. The latter approach is as flawed as the former. In order to ensure maximum security, there must be a balance between the two approaches. Detection and prevention should go hand-in-hand.

Gartner’s Neil MacDonald sums it up succinctly. “We overspend on increasingly ineffective prevention technologies — network and host based firewalls, intrusion prevention systems and antivirus technologies in a futile attempt to prevent all infections,” says Neil. “Complete protection requires investments in both prevention and detection. We have been too lopsided in our investments for too long.”