Detection and Response is Top Security Priority for Organizations in 2017
Research firm Gartner today released a report titled “Market Insight: Security Market Transformation Disrupted by the Emergence of Smart, Pervasive and Efficient Security.”
The report focuses on the shift in security spending from a prevention-only approach to enhanced detection and response capabilities. This is expected to be a key priority for security buyers over the next five years, and will have a negative impact on budgets for traditional preventive solutions. Gartner analyst Sid Deshpande noted that the shift to detection and response approaches spans people, process and technology elements. We agree with this observation and believe that the shift does not merely affect these three elements, but is a result of the vertex of these three:
Cybercrime technology has evolved greatly in the last couple of years, far faster than security technology has. The traditional paradigm of perimeter-network-endpoint-log/SIEM is simply not sufficient against current threats, which have proliferated to an extent that effective prevention is no longer possible. And even if cybersecurity technology were able to mitigate cybercrime threats, today’s cyber criminals and terrorists have potential access to the mightiest cyber tools – those of the CIA. Can any organization seriously claim that it can prevent attacks from the US government? The answer is no, which means that they cannot claim to be secured against less skillful actors using the same tools or their derivatives.
Because 100% prevention is no longer possible, organizations are now forced to think in business terms rather than security terms. This mindset calls for determining an acceptable risk level; zero percent means no risk (but likely does not enable any form of digital business), and 100% risk means the doors are wide open and you’re out of business. Anything in between is up for debate and eventually determined according to the individual company’s risk appetite. When this risk threshold has been determined, the security manager must then look at his operation from a business perspective and provide the best value for money (or ROI) for the funds invested in security. Gartner notes that CISOs are changing how they measure the success of their security strategy, as well as their security investment’s effectiveness and contribution to overall digital strategy (i.e. is security helping to reduce friction and increase conversion?).
“CISOs are keen to communicate the return on investment of their security strategy in terms of the business value associated with quick damage limitation, in addition to threat prevention and blocking,” said Lawrence Pingree, research director at Gartner.
It’s no secret that cybersecurity professionals are in great demand, with more than a million IT security positions now open worldwide. Even if such people are found and recruited, they are not skilled or experienced enough to handle sophisticated threats. According to a recent Cisco survey, 60% of respondents report that half or fewer of their security staff have the specialized skills and training necessary to address complex security issues. A similar percentage of respondents believe that their employees’ skill sets concerning emerging and evolving threats are less than adequate. This is exacerbated by the fact that many organizations lack established organizational knowledge of detection and response security strategies because preventive approaches were the most common tactics for decades.
When contemplating the three elements together — technology, processes and people — it’s no wonder that organizations are having trouble waking up from their rosy prevention dreams to the hard reality of detection and mitigation. This approach requires more skilled personnel, advanced systems with enhanced automation and artificial intelligence, and more than anything, a hunter’s mindset of looking to quickly detect and eliminate the threats in his network, vs. the lax farmer attitude of building a wall with the hopes of keeping the predators out.
We applaud Gartner for identifying this trend and pointing their customers in the right direction. It is our hope that technologies such as SecBI will enable organizations to transition quickly to this new, less naïve world.