Prevention Vs Detection: The Balancing Act!

Prevention Vs Detection: Cyber Security

  • By vaccines and boosters (prevent)
  • But does that mean we have developed adequate immunity to prevent recurrences? What about new mutations?
  • Test (detect) / Contain / Respond (cure)

The continued maturing of log and event correlation and analytics platforms such as SIEM, UEBA, context aware DLP as well as the emergence of EDR/XDRs have created a powerful array of security solutions that can dramatically improve an organization’s ability to materially reduce the impact of a breach.

  • Put a plan in place to manage a data breach. If a breach occurs, there must also be a clear protocol in place identifying which employees manage each component of the plan
  • Input and ongoing involvement from other stakeholders such as Legal, HR, Compliance, and other executives responsible for limiting enterprise risk are critical
  • A post-cyber-incident response plan should consider several issues, including:
    • Accurately and quickly notifying customers
    • Ascertaining how widespread the breach was
    • Handling the legal policies and procedures for reporting the event
    • Contacting your insurance agent and carrier and managing communications

Another challenge is ensuring your organization has staff with the right skillset to perform effective detection and response activities. Most do not. SOC analysts skilled in active threat hunting and continuous incident response are both scarce and expensive. Organizations that lack the staff to design, implement and manage a detection and response program may find it easier to engage an outside resource, such as a managed security service, to augment internal capabilities or to run detection and response activities on their behalf.

  • Principle #1: The defender must defend all points; the attacker can choose the weakest point.
  • Principle #2: The defender can defend only against known attacks; the attacker can exploit unknown vulnerabilities.
  • Principle #3: The defender must be constantly vigilant; the attacker can strike at will.
  • Principle #4: The defender must play by the rules; the attacker can play dirty.
