According to ESG, after years of settling for “good enough” IT security, enterprise organizations are now finally realizing that this is no longer an adequate approach. This change of heart is directly linked to the recent wave of sophisticated malware, targeted attacks, advanced persistent threats (APTs), and visible security breaches occurring over the last few years.
And rather than settling for the required coverage that demonstrates internal and external compliance, business executives are now asking tough questions about cyber security risk and are even willing to throw money at the problem. According to ESG research, 62% of organizations plan to increase their security budgeting in 2014. Additionally, 32% of all organizations surveyed consider information security initiatives to be one of their top spending priorities in the coming year.
Regrettably however, many CISOs continue to take a tactical approach. They are buying products, consolidating tools, and shifting around personnel, yet are failing to deal with systemic problems associated with incident detection and response.
A new white paper from the Enterprise Strategy Group, Reducing the Critical Time from Incident Detection to Containment, describes a visionary approach to incident detection and response that helps organizations greatly reduce the impact, time, and cost of dealing with cyber attacks. The approach recommends a new level of integration between incident detection and response technologies to create an end-to-end architecture for data exchange, shared analytics, and granular policy enforcement, so that the network infrastructure and its connected endpoints are “aware” of each other's state at all times. Key elements of this integration include:
- Tight integration — Adding context to incident alerts with details about the endpoints including their types and locations
- Deep visibility — An in-depth view into the configurations and user profiles of endpoint devices to aid in the investigation of suspicious behavior or insider attacks
- Correlation and analytics — The need to correlate information about alerts with details about endpoints to identify an actually compromised device while greatly reducing false positives
- Automation for incident response — How to enforce security policies in real time to neutralize a breach before it escalates
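The four elements above describe one pipeline: enrich a network alert with endpoint context, correlate the two to decide whether the device is really compromised, and turn a confirmed finding into a policy action. The following Python sketch is an added illustration of that loop; it is not code from the ESG paper or from any product it discusses. The endpoint inventory, the alert records, their field names, the scoring weights and the quarantine action are all constructed for the example.

```python
"""Enrich, correlate and act on alerts using endpoint context (constructed sample data)."""

# Constructed endpoint inventory, standing in for what an endpoint agent or a NAC
# would report. Field names are hypothetical, not any vendor's schema.
ENDPOINT_INVENTORY = {
    "10.0.1.15": {"hostname": "fin-laptop-07", "type": "laptop", "location": "Finance",
                  "owner": "jdoe", "patched": False, "av_running": False},
    "10.0.2.40": {"hostname": "web-srv-02", "type": "server", "location": "DMZ",
                  "owner": "it-ops", "patched": True, "av_running": True},
    "10.0.3.9":  {"hostname": "printer-03", "type": "printer", "location": "Floor 3",
                  "owner": "facilities", "patched": True, "av_running": False},
}

# Constructed network alerts, in the shape a network IDS might emit (hypothetical fields).
RAW_ALERTS = [
    {"id": 1, "src": "10.0.1.15", "sig": "Outbound C2 beacon pattern", "severity": 7},
    {"id": 2, "src": "10.0.2.40", "sig": "Outbound C2 beacon pattern", "severity": 7},
    {"id": 3, "src": "10.0.9.99", "sig": "Port scan", "severity": 4},
    {"id": 4, "src": "10.0.3.9", "sig": "SMB brute-force attempt", "severity": 6},
]

MANAGED_TYPES = {"laptop", "workstation", "server"}  # device types expected to run endpoint protection
CONTAIN_THRESHOLD = 10      # constructed thresholds for the worked example
INVESTIGATE_THRESHOLD = 7


def enrich(alert, inventory=ENDPOINT_INVENTORY):
    """Tight integration: attach endpoint type, location, owner and posture to a raw alert."""
    # 'endpoint' is None when the source address is not a managed device.
    return {**alert, "endpoint": inventory.get(alert["src"])}


def score(enriched):
    """Correlation: combine alert severity with endpoint context; return (score, reasons)."""
    s = enriched["severity"]
    reasons = []
    ep = enriched["endpoint"]
    if ep is None:
        s += 3
        reasons.append("source not in endpoint inventory (unmanaged device)")
        return s, reasons
    if not ep["patched"]:
        s += 2
        reasons.append("endpoint is unpatched")
    if ep["type"] in MANAGED_TYPES and not ep["av_running"]:
        s += 2
        reasons.append("endpoint protection not running")
    if ep["type"] == "printer" and "SMB" in enriched["sig"]:
        s += 4
        reasons.append("credential attack from a device type that never authenticates over SMB")
    return s, reasons


def decide(enriched):
    """Map the correlated score to a triage outcome."""
    s, reasons = score(enriched)
    if s >= CONTAIN_THRESHOLD:
        action = "contain"
    elif s >= INVESTIGATE_THRESHOLD:
        action = "investigate"
    else:
        action = "monitor"
    return {"id": enriched["id"], "src": enriched["src"], "score": s,
            "action": action, "reasons": reasons}


def policy_for(decision, inventory=ENDPOINT_INVENTORY):
    """Automation: turn a 'contain' decision into a hypothetical NAC policy change."""
    if decision["action"] != "contain":
        return None
    ep = inventory.get(decision["src"])
    target = ep["hostname"] if ep else decision["src"]
    return {"policy": "move_to_quarantine_vlan", "target": target}


def triage(alerts=RAW_ALERTS):
    """Run the closed loop over a batch of alerts and return one decision per alert."""
    return [decide(enrich(a)) for a in alerts]


if __name__ == "__main__":
    for d in triage():
        print(d["id"], d["action"], d["score"], "; ".join(d["reasons"]))
        p = policy_for(d)
        if p:
            print("   ->", p)
```

Alerts 1 and 2 carry the same network signature, but only the unpatched, unprotected laptop crosses the containment threshold; the hardened DMZ server is routed to an analyst instead, which is the false-positive reduction the correlation bullet describes. The printer case shows context adding confidence in the other direction: a moderate-severity alert becomes actionable because the device type makes the behaviour implausible.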
In a world of increasingly sophisticated threats, this closed-loop, fully-automated cycle for risk management, incident prevention, detection and response will enable companies to minimize the risk to assets, protect the brand, and streamline IT security operations. It’s a must-read for both security and networking professionals. Download your copy here.