Attackers will breach your defences. This is not a hypothesis, an exaggeration or a fear-mongering statement – it is simply an undisputed fact. Regardless of the preventative measures we put in place, a determined attacker with the right motivation, financial backing and skillset will evade these measures. In some cases, the attackers do not even need to evade your preventative measures – your employees take care of that task for them.
This is not to say that prevention is not an important component of a well-rounded security strategy – quite the contrary. Prevention is a critical capability that fortifies your cyber defences, and represents best practice for protecting your organisation. However, IT risk and security leaders must move away from trying to prevent every threat and acknowledge that perfect protection is not achievable. Gartner predicts that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 30 percent in 2016. Organizations need to detect and respond to malicious behaviors and incidents, because even the best preventative controls will not prevent all incidents.
This whitepaper emphasizes the need for Managed Detection and Response (MDR) in addition to preventative solutions. Managed Detection and Response services are designed to act as an extension of your security team and represent the evolution of managed security services.
This whitepaper will cover:
- The role of prevention
- If an alarm goes off and no one is there to hear it – does it make a sound?
- Detection means nothing without the appropriate response
- It’s all about that context
- The importance of rapid detection and response
- Operational incident response