The Surprising Truth About Threat Detection and Response

When it comes to disease, doctors and health organizations often preach the benefits of prevention over detection. The reason is obvious and irrefutable: It makes much more sense for your health to be proactive and catch something early, before it can cause real harm - and it also limits the potentially high treatment costs.

But over the past several years, the cybersecurity industry has flipped this way of thinking on its head. When we asked 1,414 security professionals from around the globe, as part of the 2016 Security Pressures Report from Trustwave, to name the security responsibility they face the most pressure to address, 40 percent cited the detection of vulnerabilities, malicious activity or compromises.

Far fewer specified feeling pressured by responsibilities that could fall under the "prevention" umbrella: blockage of malware, social engineering attempts and vulnerabilities (through patching).

If this is indeed a sea change in the way in which you are thinking about security for your organization, it's important to understand why and how to do it effectively.

For starters, you probably have become far better at preventing threats that can be classified as "low-hanging fruit," such as ones that take advantage of widely known vulnerabilities, from entering your environment.

Still, it's possible you are continuing to overinvest in traditional perimeter technologies, which are limited in their ability to defend against more targeted attacks - now a very common type of attack in which criminals invest ample time and resources into exploiting a particular organization with custom malware. When these threats slip past your frontline defenses, you tend not to know about them, and they can move laterally across the corporate network to reach prized assets like sensitive data and intellectual property.

Thus, you must change the perception of security and accept that intrusions are going to happen - and you must detect them before it's too late and respond to them before real damage is done.

That pesky security skills shortage

The reason so many companies feel pressured when it comes to detection, however, is that they are poor at doing it. Part of that is due to attackers deftly tweaking threats to evade identification, but it is also because organizations often lack the skills needed to assess indicators of attack and compromise and to isolate a threat once it has made its way inside.

The 2016 Security Pressures Report from Trustwave found that shortage of security expertise now ranks as the third-biggest operational pressure facing security professionals, up from the eighth position last year. In the same vein, when we asked respondents to name their top security wish for 2016, 20 percent cited more security expertise, but interestingly just three percent named staff augmentation. That is proof that companies are starting to realize that throwing bodies at the problem isn't going to solve it. They may have an open headcount, resumes pouring in and even existing employees (and budget) to fill the roles, but they are not discovering the right fits.

For you to mature your detection and response, you need to ensure skilled personnel are at the ready to help you make sense of the "noise." That means you require people who can comb through alert data, minimize false positives and negatives, and determine and prioritize which threats must be addressed - especially in an age when so many new devices are coming online and data is traveling to so many places, including third parties.

Threat monitoring, analysis and management solutions, for example, not only require basic system administration to perform tasks like running health checks on software, hardware and storage - but also more seasoned skill sets, including the ability to examine data, knowledge of systems across the IT infrastructure, experience with nearly all security point solutions, and the ability to define and analyze threat correlations. Many companies lack this range of abilities in house.

Gaining visibility and insight into what is happening on your network doesn't just involve collection and analysis of logs, vulnerability data and traffic flow - but also requires actionable external data and intelligence (such as the latest exploits and attacker techniques) and an understanding of how these may impact your business.
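The two paragraphs above describe the triage work in the abstract: suppress expected noise, collapse repeats, enrich what remains with external intelligence, and rank the result so the riskiest items are addressed first. The script below is an added illustration of that workflow, not code from Trustwave or from the original post. Every alert, the allow-list of known-benign sources, the "intel feed" and the list of high-value hosts are constructed sample data (documentation-range IP addresses), and the scoring weights are arbitrary assumptions chosen to make the ranking readable.

```python
"""Added example: a minimal alert-triage pipeline over constructed SIEM output.

Steps mirror the post's description: drop known false positives, deduplicate,
enrich with external intelligence, then score and rank for an analyst.
"""
from typing import Dict, List, Optional, Tuple
from dataclasses import dataclass

# Constructed sample alerts, shaped like what a SIEM might emit (not real events).
RAW_ALERTS = [
    {"id": 1, "src": "10.0.5.12", "dst": "203.0.113.9", "rule": "outbound-to-rare-host", "severity": 3},
    {"id": 2, "src": "10.0.5.12", "dst": "203.0.113.9", "rule": "outbound-to-rare-host", "severity": 3},
    {"id": 3, "src": "10.0.9.40", "dst": "198.51.100.7", "rule": "smb-lateral-movement", "severity": 4},
    {"id": 4, "src": "10.0.0.2", "dst": "10.0.0.1", "rule": "port-scan", "severity": 2},  # internal scanner
    {"id": 5, "src": "10.0.7.77", "dst": "192.0.2.55", "rule": "dns-high-entropy", "severity": 2},
]

# Sources whose activity is expected; alerts from them are the classic false positive.
KNOWN_BENIGN_SOURCES = {"10.0.0.2"}  # e.g. the authorised vulnerability scanner (assumption)

# Constructed "external intelligence": indicator -> (tag, weight). Placeholder data only.
INTEL_FEED: Dict[str, Tuple[str, int]] = {
    "203.0.113.9": ("known-c2", 5),
    "192.0.2.55": ("suspicious-dga-resolver", 2),
}

# Hosts holding the "prized assets" the post refers to; hits touching them rank higher.
CROWN_JEWELS = {"10.0.9.40"}

ASSET_BONUS = 3       # added when src or dst is a high-value host (assumed weight)
REPEAT_BONUS_CAP = 3  # cap on the bonus for repeated identical alerts (assumed weight)


@dataclass
class TriagedAlert:
    src: str
    dst: str
    rule: str
    severity: int
    count: int
    intel_tag: Optional[str]
    score: int


def suppress_known_benign(alerts: List[dict], benign=KNOWN_BENIGN_SOURCES) -> List[dict]:
    """Step 1: drop alerts whose source is on the known-benign list."""
    return [a for a in alerts if a["src"] not in benign]


def deduplicate(alerts: List[dict]) -> Dict[Tuple[str, str, str], dict]:
    """Step 2: collapse repeats of the same (src, dst, rule) into one record with a count.

    The highest severity seen for the group is kept.
    """
    groups: Dict[Tuple[str, str, str], dict] = {}
    for a in alerts:
        key = (a["src"], a["dst"], a["rule"])
        entry = groups.setdefault(key, {"severity": a["severity"], "count": 0})
        entry["count"] += 1
        entry["severity"] = max(entry["severity"], a["severity"])
    return groups


def score_alert(key: Tuple[str, str, str], info: dict,
                intel=INTEL_FEED, assets=CROWN_JEWELS) -> TriagedAlert:
    """Steps 3-4: enrich the destination against the intel feed and compute a rank score."""
    src, dst, rule = key
    tag, weight = intel.get(dst, (None, 0))
    score = info["severity"] + weight
    if src in assets or dst in assets:
        score += ASSET_BONUS
    # Repeats add a little confidence, but are capped so volume alone cannot dominate.
    score += min(info["count"] - 1, REPEAT_BONUS_CAP)
    return TriagedAlert(src, dst, rule, info["severity"], info["count"], tag, score)


def triage(alerts: List[dict]) -> List[TriagedAlert]:
    """Run the full pipeline and return alerts ranked highest-score first."""
    groups = deduplicate(suppress_known_benign(alerts))
    ranked = [score_alert(k, v) for k, v in groups.items()]
    return sorted(ranked, key=lambda t: t.score, reverse=True)


if __name__ == "__main__":
    for t in triage(RAW_ALERTS):
        print(f"{t.score:>2}  {t.rule:<24} {t.src} -> {t.dst}  x{t.count}  intel={t.intel_tag}")
```

On the constructed input, the two identical outbound alerts collapse into one record that the intel feed flags as a known command-and-control host and so rises to the top; the lateral-movement alert ranks second because it touches a high-value host; the scanner's port-scan alert never reaches the analyst at all. The weights are deliberately simple; the point is that the allow-list, the enrichment source and the asset inventory are the three inputs an analyst actually needs to maintain, and each one is a place where missing expertise shows up as either missed threats or wasted investigations.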

The same goes for incident response. Businesses often fall short in being able to identify the source of an incident, isolate the affected systems, minimize the repercussions through containment, establish a removal and remediation strategy, and, finally, acquire and analyze forensic data - never mind readying themselves for such an episode before it happens.

So where do you find these seasoned professionals if they aren't showing up in your lobby, donning a suit and ready for an interview?

One way you can counterbalance the skills and visibility deficit is by partnering with a managed security services provider, which can provide all of those detection and response capabilities on your behalf.

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
