Cybersecurity detection is a criminal investigation. Cybercrime investigators are experts who are in limited supply. Sometimes their hunt begins while an intrusion is in process, but more often than not, it occurs after the attack when a crime has occurred. The investigation is taunting and less glamorous, realizing that it can take an average of 228 days even to identify the breach[i].
At that point, you’re looking to find out what your adversaries have seen or stolen, you want to plug the holes that enabled the hack and kick out or remove the adversary completely. Figure on an average of 80 days to resolve and contain a breach. Meanwhile, your adversary spends the epic dwell time in your environment to monitor your traffic and behavior before determining their next move.
Do the math on that exercise and, unless you have generous funding, you may conclude that your resources stretch further by focusing on prevention rather than detection. While eliminating detection may not be practical, you can at least realign your spending and shore up your prevention efforts with enhanced actionable information.
Several things have happened to make this shift possible. First, detection is now often automated and highly productive. Second, advance warning is better than ever. You can apply predictive analytics to leverage in-depth threat intelligence sources to produce real-time, automated assessments of your security posture risks from device to cloud.
Proactive Threat Hunting
Making the shift from detection to prevention didn’t happen overnight for the Service public de Wallonie (SPW), the public administration arm of the French-speaking regional government of Wallonia in Belgium. SPW’s endpoint security team oversees 9,000 desktops, 1,300 servers, and 1,000 applications used by more ..
Support the originator by clicking the read the rest link below.
