May 3, 2016

Information Security: Rapid Detection and Response

The Basis for an Information Security Shift

Previously I wrote about the shift in the Information Security landscape away from a static, reactive discipline to one focused on speed and accuracy. Let’s take a deeper look into these areas of Rapid Detection and Response.

As noted by Network World, companies are moving away from the idea that a strong enough perimeter can stop every threat. Attacks are more subtle and frequent than before, and many risks stem from user error or malicious intent; a perimeter system has no reason to treat activity as "threatening" when the employee generating it is authorized to be on the network in the first place.

The result is a shift to what is known as “rapid detection.”

Hit the Ground Running

Here, speed becomes the focus rather than an impenetrable perimeter. It requires companies to acknowledge that no system is inherently secure: attackers will eventually get past preventive controls, and the question that matters is how long they remain undetected once inside. Rapid detection systems aim to shorten that dwell time by flagging attacker activity early, giving you the chance to contain or remove the threat before it reaches its objective. A key property of rapid detection is its emphasis on behavior rather than specific signatures or source IP addresses: by looking for unusual patterns of use, it can catch both external actors operating with stolen credentials and insiders, careless or malicious, who are fully authorized to be on the network.
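
As an added illustration of the behavioral approach (example code written for this edit, not part of the original post or any product it describes), the script below builds a per-user baseline of the resources touched during a known-good period, then scans a monitored window of constructed access-log lines for two behaviors: a user touching a resource they never touched before, and a burst of activity well above the user's normal rate. It deliberately never consults the source address, so an insider on a trusted workstation and an attacker using stolen credentials from that same workstation are caught the same way. The log format, the users and resources, the five-minute window and the threshold of five events are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). BASELINE_LOG is a
# quiet period used to learn normal behavior; LIVE_LOG is the window we monitor.
BASELINE_LOG = """\
2016-04-25T09:02:11 user=alice src=10.0.0.5 resource=hr-share
2016-04-25T09:40:37 user=alice src=10.0.0.5 resource=payroll-db
2016-04-25T14:12:03 user=alice src=10.0.0.5 resource=hr-share
2016-04-26T10:05:49 user=alice src=10.0.0.5 resource=payroll-db
2016-04-25T09:10:00 user=bob src=10.0.0.7 resource=git
2016-04-25T11:30:22 user=bob src=10.0.0.7 resource=build-server
2016-04-26T09:45:13 user=bob src=10.0.0.7 resource=git
"""

# Alice (authorized, internal address) suddenly sweeps resources she never uses;
# bob's account touches payroll-db at 03:12 from his own usual workstation,
# as if the machine had been left logged in or his credentials were stolen.
LIVE_LOG = """\
2016-05-02T03:12:44 user=bob src=10.0.0.7 resource=payroll-db
2016-05-02T09:05:10 user=alice src=10.0.0.5 resource=hr-share
2016-05-02T09:06:00 user=alice src=10.0.0.5 resource=customer-db
2016-05-02T09:06:20 user=alice src=10.0.0.5 resource=finance-share
2016-05-02T09:06:45 user=alice src=10.0.0.5 resource=source-repo
2016-05-02T09:07:05 user=alice src=10.0.0.5 resource=customer-db
2016-05-02T09:07:30 user=alice src=10.0.0.5 resource=finance-share
2016-05-02T10:15:00 user=bob src=10.0.0.7 resource=git
"""


def parse_log(text):
    """Parse 'timestamp key=value ...' lines (assumed format) into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = dict(f.split("=", 1) for f in fields)
        ev["ts"] = datetime.fromisoformat(ts)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def build_baseline(events):
    """Per-user set of resources seen during the known-good period."""
    seen = defaultdict(set)
    for ev in events:
        seen[ev["user"]].add(ev["resource"])
    return seen


def detect(baseline, events, window=timedelta(minutes=5), burst_threshold=5):
    """Return alerts as (timestamp, user, rule, detail) tuples in time order.

    The src field is never read: the rules key on what the account does,
    not on where the traffic comes from.
    """
    alerts = []
    recent = defaultdict(deque)   # user -> timestamps inside the sliding window
    burst_alerted = set()         # users already reported for a burst
    new_seen = set()              # (user, resource) pairs already reported
    for ev in events:
        user, res, ts = ev["user"], ev["resource"], ev["ts"]

        # Rule 1: a resource this user never touched in the baseline.
        if res not in baseline.get(user, set()) and (user, res) not in new_seen:
            new_seen.add((user, res))
            alerts.append((ts.isoformat(), user, "new_resource", res))

        # Rule 2: activity rate far above normal inside a sliding window.
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= burst_threshold and user not in burst_alerted:
            burst_alerted.add(user)
            alerts.append((ts.isoformat(), user, "burst", f"{len(q)} events in {window}"))
    return alerts


if __name__ == "__main__":
    baseline = build_baseline(parse_log(BASELINE_LOG))
    for alert in detect(baseline, parse_log(LIVE_LOG)):
        print(*alert)
```

Run as-is it reports bob's off-baseline payroll-db access first, then alice's three never-before-seen resources, then a burst alert for alice once five events land inside the window. Neither account changed address, which is exactly why a perimeter or IP-reputation control would have stayed silent. In practice the baseline would be learned continuously and the thresholds tuned per role, but the shape of the logic is the same.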

Of course, fast detection alone isn't the endgame for business network security, just a solid first step. Next up: response.

Solving For “X” 

Each incident is different. Some attackers use pre-made exploit kits while others write their own tooling. Employees may walk away from a workstation still logged in, or may deliberately misuse company resources and expose critical systems to risk. Dealing with this variety means relying on network security services that don't simply detect threats, but can also respond in a measured way. That might mean detonating a suspect file in an isolated virtual machine (VM) to observe what it does, or it could call for cutting the affected host off from the network until the problem is resolved. The response should be proportionate to the confidence in the detection: an automated cutoff triggered by a false positive is an outage you inflicted on yourself.

Security, Detection and Response

Information security has gained depth and breadth over the last decade, thanks to disruptive technologies like the cloud and a new generation of sophisticated malware authors. Internal threats, malicious and accidental, also conspire to create an ever-shifting environment that demands more than perimeter defenses or good detectors alone. A strong infosec policy combined with rapid detection and effective response, however, gives companies an edge and lowers their total cyber risk.
