A new approach to cyber security is required
17 July 2017
Victims of damaging cyber breaches make the news every week – don’t become one of them.
Ross Brewer, vice president and managing director EMEA, LogRhythm
Globally, sophisticated cyber-attacks are compromising organisations at an unprecedented rate and with devastating consequences. Today’s hackers are motivated by a wide range of objectives that include financial gain, industrial espionage, cyber-warfare, and terrorism. The odds that your organisation will be compromised are high with a recent report indicating that 76 percent of surveyed organisations suffered a data breach in 2016. Organisations increasingly expect that it’s not if they will be compromised, but rather when will they be compromised.
A shift from prevention to detection and response
The traditional approach to cyber security has been to use a prevention-centric strategy focused on blocking attacks. Many of today’s advanced and motivated threat actors are circumventing these defences with creative, stealthy, targeted, and persistent attacks that often go undetected for significant periods of time.
Many organisations are progressively shifting their resources and focusing towards strategies centred on threat detection and response. Gartner predicts that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30 percent in 2016. Security teams that are able to reduce their mean time to detect (MTTD) and mean time to respond (MTTR) can materially decrease their risk of experiencing a high-impact cyber incident or data breach.
You can lessen your organisation’s risk of experiencing a damaging cyber incident or data breach by investing in effective Threat Lifecycle Management (TLM). Although internal and external threats will exist, the key to managing their impact within your environment and reducing the likelihood of costly consequences is through faster detection and response capabilities.
Highly effective and efficient workflows that use automation where possible will help your organisation gain human efficiencies and optimal TLM. Machine driven security analytics must play an increasingly significant role, delivering human operators accurate, actionable intelligence on real threats. You must also invest in incident response orchestration capabilities that automate routine investigative tasks and countermeasures.
While TLM can be realised via a combination of disparate systems, a unified approach is optimal to ensure that information, people, and processes are aligned towards the objective of maximally reducing MTTD and MTTR. Some of the principal cost benefits resulting from a unified approach are:
• Reduced costs associated with integrating multiple third-party systems through APIs
• Reduced data storage and infrastructure costs associated with shipping copies of data across disparate systems
• Fewer products and UIs to learn and manage across the TLM workflow reducing analyst “swivel head” inefficiencies
To learn more about how LogRhythm’s unified platform approach can help you optimally reduce your MTTD and MTTR, visit LogRhythm.com.