Most chief information security officers have begun to shift their security posture toward gaining more visibility into the way attacks occur, and how their organizations become targets, admitting they can’t protect their infrastructure from all cyber threats 100 percent of the time. Increasingly, CISOs recognize that visibility must be relevant if they want to efficiently contain breaches and not waste precious time on a witch-hunt.
Prevention is not enough
A recent survey by security company Bitdefender shows that one in four CISOs in the US and Europe admit their company has suffered a breach in the past year. Failure to detect a breach quickly may lead to full infrastructure compromise, irreversible data loss, and financial repercussions. For some companies, the implications of a breach may be so severe that they would never recover.
This explains why companies have rapidly embraced active defense mechanisms, such as endpoint detection and response (EDR) tools, to get relevant, accurate reports of security operations and analytics. EDR solutions not only help CISOs protect their infrastructure against sophisticated cyber threats, facilitate early detection and gather intelligence, but also bring better visibility to stealthy attacks, enabling rapid containment.
Detection and response capabilities allow security teams to easily and immediately detect an attack and act to minimize the impact on the network, brand reputation and customers. Companies that use an EDR solution acknowledge that a cyberattack can occur at any time, and security platforms can only address 99 percent of threats. EDR tools focus on addressing the last one percent of threats, allowing for greater fidelity in incident investigations. However, even though stacking multiple solutions, including EDR, brings stronger security, CISOs still face trouble managing multiple platforms, chasing false alerts and providing adequate security resources while keeping costs down.
A truly effective EDR solution must drive security focus and enable the organization’s overall security strategy. Otherwise, visibility can be seriously impaired by the sheer volume of potentially non-critical security alerts. The point of EDR is to flag any potential security threat and help increase the overall security posture of an organization, without filtering out relevant security alerts. Without a proper EDR solution, increased visibility can backfire and cause alert fatigue, overburdening IT and security departments that are already stretched thin in terms of resources and manpower.
CISOs now place the need for faster detection and response capabilities as the second main driver for enhancing their company’s cybersecurity posture, winning out over increased productivity, which was the main driver selected in a 2016 survey conducted by Bitdefender.
Meaningful intelligence makes a world of difference
EDR tools that don’t have priority-based alert filtering mechanisms can slow the detection and response process for real threats, as they may send IT and security staff down fruitless investigation paths. EDR alerting should not be about the sheer number of triggered alerts, but about intelligent, reliable, and meaningful alerts with a high probability of pointing to a real threat.
IT and security teams that are already overburdened may end up ignoring or disregarding what can feel like a never-ending tide of security alerts. Triggered alerts could take days, weeks, and even months before they’re addressed and investigated, meaning a lack of staff to review them could be just as detrimental as the lack of an EDR solution in terms of the time it takes to detect a breach.
The major benefit of meaningful EDR alerts is that accurate and actionable security alerts lead to fast detection and response, without overburdening IT or security staff with trivial notifications. Rapid detection of data breaches means incident response procedures can be immediately triggered to contain, mitigate, and prevent full-blown security incidents.
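To make the priority-based filtering described above concrete, here is an added example (written for this page, not code from Bitdefender or any real EDR product) of a small triage step: each raw alert is scored from its rule severity, the criticality of the affected asset and the sensor's stated confidence, repeated firings of the same rule on the same host are collapsed into one queue entry with a count, distinct rules firing on the same host corroborate each other, and anything under a threshold is held back from the analyst queue. The alert fields, weights, threshold and sample alerts are all constructed assumptions.

```python
"""Priority-based triage of EDR-style alerts: score, de-duplicate, corroborate, rank.

Everything here (field names, weights, thresholds, sample alerts) is a constructed
assumption for illustration, not the schema or logic of any real product.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed weights: how much a rule's severity and the asset's role matter.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 6, "critical": 10}
ASSET_WEIGHT = {"workstation": 1, "server": 2, "domain_controller": 4}

# Entries scoring below this are kept for forensics but not pushed to analysts.
QUEUE_THRESHOLD = 300
# Added per additional distinct rule firing on the same host (assumed value).
CORROBORATION_BONUS = 200


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    asset_class: str
    rule: str
    severity: str
    confidence: int  # sensor confidence as an integer percentage, 0..100
    ts: int          # event time, epoch seconds


def base_score(alert: Alert) -> int:
    """Severity x asset criticality x confidence; integers only, so no float drift."""
    return SEVERITY_WEIGHT[alert.severity] * ASSET_WEIGHT[alert.asset_class] * alert.confidence


def triage(alerts: list[Alert]) -> list[dict]:
    """Return the analyst queue: one entry per (host, rule), highest score first."""
    # Collapse repeated firings of one rule on one host into a single group.
    groups: dict[tuple[str, str], list[Alert]] = defaultdict(list)
    for a in alerts:
        groups[(a.host, a.rule)].append(a)

    # Count distinct rules per host; several different detections on one box
    # are stronger evidence than many copies of the same one.
    rules_per_host: dict[str, set[str]] = defaultdict(set)
    for host, rule in groups:
        rules_per_host[host].add(rule)

    queue = []
    for (host, rule), members in groups.items():
        rep = max(members, key=lambda a: a.confidence)  # most confident copy represents the group
        score = base_score(rep) + CORROBORATION_BONUS * (len(rules_per_host[host]) - 1)
        if score < QUEUE_THRESHOLD:
            continue  # filtered: low-value noise stays out of the analyst's way
        queue.append({
            "host": host,
            "rule": rule,
            "score": score,
            "count": len(members),
            "representative": rep.alert_id,
            "first_seen": min(a.ts for a in members),
        })
    queue.sort(key=lambda e: e["score"], reverse=True)
    return queue


# Constructed sample input: one workstation with two different detections (one of
# them duplicated), a domain controller, and two low-severity single alerts.
SAMPLE_ALERTS = [
    Alert("a1", "ws-17", "workstation", "suspicious_powershell", "high", 90, 1700000000),
    Alert("a2", "ws-17", "workstation", "suspicious_powershell", "high", 70, 1700000060),
    Alert("a3", "ws-17", "workstation", "lsass_access", "critical", 80, 1700000120),
    Alert("a4", "dc-01", "domain_controller", "new_service_installed", "medium", 60, 1700000200),
    Alert("a5", "ws-22", "workstation", "unsigned_binary", "low", 50, 1700000300),
    Alert("a6", "srv-03", "server", "unsigned_binary", "low", 90, 1700000400),
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_ALERTS):
        print(f"{entry['score']:5d}  {entry['host']:7s} {entry['rule']:24s} x{entry['count']}  ({entry['representative']})")
```

On the sample input the queue holds three entries: the ws-17 LSASS access first (critical, and corroborated by the PowerShell detection on the same host), then the ws-17 PowerShell group with a count of 2, then the domain-controller service install, which a medium-severity rule alone would not have ranked that high. The two low-severity unsigned-binary alerts fall below the threshold and never reach an analyst, which is the point: fewer, better-ranked entries rather than a raw feed of everything that fired.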
The true power of an effective security posture lies in a layered security defense, augmented by next-generation detection and response tools that accurately catch and stop potential data breaches as they occur. Based on the data in this survey, it’s fair to say that organizations cannot afford the absence of the right security tools.
About the author: Liviu Arsene is a Senior E-Threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and research departments.
Source: infosec island