Why threat detection is your new best friend

  • Make your cybersecurity plan as much of a priority as any other IT service.

  • Incident detection is the first important step, then follow that with plans of action to contain and eliminate the threat.

While today’s enterprises purchase numerous solutions to defend their networks, no security prevention system is foolproof. In addition to building a security strategy that aims to prevent attacks, your company also needs a plan to deal with a breach after it has happened.

On average, it takes more than 200 days before a company detects a breach and often months to contain it.

A security attack can cripple your company in the same way a network outage or natural disaster can. In an age when you can assume you’ll be breached, cybersecurity should have a disaster recovery and emergency response system like any other IT service. Yet most firms lack a coherent plan for dealing with cybersecurity.

Building your cybersecurity plan

A cybersecurity plan should have several components, but it starts with deploying a solution for incident detection and remediation. Incident detection is accomplished by using machine learning to create a behavioral analysis of a company’s network traffic. Companies are exposed to attacks across networks, mobile deployments, web apps, and cloud deployments. Effective incident detection systems assess a company’s traffic across these various sources.

In the past, Intrusion Prevention Systems (IPSs) and Security Information and Event Management (SIEM) tools overwhelmed users with alerts yet missed essential indicators of compromise. Today’s threat detection solutions are built to cut down the number of alerts they present, reducing them to those that are most likely to represent a breach.

Once a threat is detected, IT needs to assess the damage, then contain and eliminate the threat. IT can take actions to isolate the affected machines and use another function of the same system or an additional service to trace the incident all the way back to its origin.

A software solution isn’t the only answer to your security woes. Your company needs to eliminate basic security risks such as weak credentials and flat internal networks that permit any-to-any traffic. IT should have rules that separate access privileges based on a person’s duties. Companies should also require periodic security awareness training for all employees.

We live in an ever-evolving threat landscape, but the good news is that threat prevention, detection, and response solutions are evolving to protect us. Consider networking security services from AT&T that include threat management as well as security incident and event management.

 

Maribel Lopez is the CEO and mobile market strategist for Lopez Research, a market research and strategy consulting firm that specializes in communications technologies with a heavy emphasis on the disruptive nature of mobile technologies. All opinions are her own. AT&T has sponsored this blog post.
