The cat's officially out of the bag when it comes to threat detection: The majority of the industry simply isn't satisfied with its current solutions. In fact, 76% of respondents in a recent RSA survey indicated that they were not confident in their ability to detect and investigate threats to their environment.
Where did matters go wrong? More importantly, how can the industry reverse this trend and deploy solutions that inspire confidence and foster successful threat detection?
Understanding the Problem
A few points from the RSA survey quickly stand out to reveal exactly why companies have become so unsatisfied. The first culprit is a fragmented solution. It's often easy to start patching together disparate technologies and data sources in an effort to solve problems over time. This tactical, reactive "strategy" almost always leads to sub-par results for obvious reasons.
Many organizations also fail to adopt and integrate solutions that allow for automation. Without automation, detection strategies become slow, ad-hoc, and less effective overall.
Aligning Your Priorities
When it comes to crafting a successful strategy for addressing threats, organizations must first make sure that their priorities are properly aligned. Any ensuing solution should be built with this alignment in mind. Threat priorities can be broken down into three main categories: detection, response, and prevention.
As you begin to flesh out your priorities by weighing these categories, you should resist the urge to put all of your eggs in one basket. While conceptually the temptation is to place the emphasis on prevention, it's important to remember that inadequate processes for detecting and responding to threats that inevitably circumvent preventative controls will lead to costly consequences when an attack occurs.
The More You Know
Once you have all of your priorities in order, the next step is to define the data sources that can drive your detection solutions. Though specific data sources will vary slightly depending on the environment, the most valuable threat data can typically be found in network traffic, the network perimeter, and identity and access management systems. It's also essential to ensure broad coverage across the attack surface, including new off-premise cloud apps and infrastructure. It's particularly important to gather threat data from multiple sources. Unfortunately, many companies rely on only one or two sources of information. If you're not looking in the right places, you simply won't be able to detect threats effectively.
Bringing It All Together
The final phase of establishing a successful threat detection strategy is to go through an integration process that involves bringing the high-level strategy and low-level data together in harmony. This process will produce the most effective solutions for detection, response, and prevention. The vehicle for this integration lies in three areas: technology, automation, and visibility.
As you bring your strategy to fruition, it's important to be selective when choosing technology so you can ensure compatibility with data sources, dashboards, and existing infrastructure. Furthermore, you should lean toward solutions that take the tedium out of threat detection by providing automated processes for monitoring, data collection, and reporting. When you do so, visibility will naturally increase and the insights generated will allow for easier action.
If you follow these steps, you can establish a more effective, efficient, and successful detection strategy, and therefore a safer environment.
Category: RSA Fundamentals, Blog Post