CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Request a Demo
Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services
Solutions
BY INDUSTRY
BY REGULATION
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
We reduce cyber risk and fortify organizations
Awards and Accolades
Recognition by analysts and media outlets
Trustwave SpiderLabs Team
Global researchers, ethical hackers, and responders
Trustwave Fusion Security Operations Platform
Unprecedented security visibility and control
Trustwave Security Colony
Access to cybersecurity threat protection resources
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Register
Login
Resources
BLOGS
UPCOMING
MEDIA & ASSETS
NOTICES
HELP
Tips & Tricks

What Is Threat Detection and Response?

August 26, 2020 3 minutes read

For all organizations, no matter what they do or where they are located, cyberthreats are a growing concern. Every year, criminals invent new and innovative ways to steal information, compromise networks, demand ransoms and damage reputations.

To defend against those threats, threat detection and response (TDR) has become one of the most important cybersecurity practices. For organizations that don’t want to make the considerable, often impractical, investment in building TDR capabilities internally, there are managed threat detection and response (MTDR) services that offer significant additional advantages. According to the research firm Gartner, by 2024, 90% of buyers looking to outsource security service providers will focus on TDR services1.

To fully explore what TDR is, and how it can help protect your organization, we’ll start by defining some of the basic concepts and terminology.  

 

The Definition of Threat Detection and Response (TDR)

On its most basic level – absent the unique enhancements that cybersecurity providers add to their offerings – TDR is the practice of finding and identifying threats within your organizational IT infrastructure, which now includes mobile devices and apps, the cloud, the Internet of Things(IoT), and beyond.

Threats can be considered anything which has the potential to do your organization harm—with the types of potential threat vectors your organization needs to be aware of changing and growing almost every year. Many of these threats will evade your first lines of defenses — such as your antivirus programs and firewalls. How you’re able to respond to and mitigate those threats is a key component of your TDR strategy.

 

How Threat Detection and Response Is Conducted

 When your organization is conducting TDR, at a minimum it will be scanning for threats on a 24/7 basis using a combination of threat detection and response tools and methodologies, as there is no single “magic bullet” for effective threat detection and response. You will typically have software sensors monitoring your endpoints, gathering data on events and activity. A security platform will govern that data, helping your security staff identify suspicious activity. Alerts and triggers will typically be set up to help your team know when to take action.

The combination of human intelligence and automated processes is key to conducting effective threat detection and response. Fully automated threat detection and response solutions will not be effective – just as your security team will not possibly be able to fully monitor and analyze all activity in your IT ecosystem without the aid of software.

 

Threat Detection and Response Goals

Beneath the overarching goal of preventing threats from turning into attacks, the objectives of your TDR activity will typically include:

  • Reduction of dwell time inside your network environment. Attackers often have access to compromised environments for an extended period of time – finding and eliminating those breaches is crucial.
  • Proactively hunting for threats, to find the known unknowns that are almost all organizations contend with.
  • Accelerating detection and response to database risk with database security tools
  • Protecting your users from cyber threats and spam with secure email gateway solutions
  • Mitigating the harm when breaches do occur. Threat detection and response solutions and services will help your security teams quarantine the vulnerability, stop malicious processes, and eliminate the threats.
  • Formulating a response to successful attacks. Your TDR tools will be invaluable as your team formulates an incident response plan, considers digital forensics to better understand the attacks, and bolster your security.

There are additional tertiary benefits that a robust TDR practice can provide, such a helping provide visibility into network traffic and data activity.

 

Threat Detection and Response Challenges

As organizations seeks to put effective threat detection and response solutions into place, they will typically face obstacles:

  • The pace of change in cybersecurity is punishing—new threat vectors and techniques are constantly evolving in response to whatever defenses are put in place.
  • Your IT environments are becoming increasingly complex, as the perimeter has expanded to endpoint, email, network, cloud applications and databases. Along with new capabilities, like cloud servers, come new and often unforeseen vulnerabilities.
  • The sheer volume of information your security team needs to analyze is massive – and growing. Shifting through all the “noise” to find actionable intelligence is a daunting task.
  • Integrating all of your tools and solutions can be challenging – many organizations have multiple cybersecurity vendors and products.
  • Evaluating different threat detection and response solutions can be difficult – some providers use vague or overly complex terminology that creates confusion, leading research firms like Gartner to provide guidance on threat detection and response.

In addition to the above, one of the biggest obstacles that organizations will face when trying to implement a threat detection and response solution is the skills gap. Recruiting and retaining top cybersecurity talent is difficult, as competition for experienced individuals can be intense. Organizations typically also grapple with resource limitation that might hamper their ability to properly fund a fully internal threat detection and response capability.

1          Gartner, “Managed Security Services Landscape is Changing”, ID G00719320

 

 

COV_16657_gartner-mdr-cover
ANALYST REPORT

Gartner Report: Ask These Critical Questions and Consider These Risks When Selecting an MDR Provider

This complimentary report from Gartner provides expert guidance on key challenges buyers face when choosing an MDR provider and recommendations to ensure a desired outcome.

Latest Trustwave Blogs

Uncovering the Dirty Secret of Open-Source Code and Its Risks for Organizations

Using open-source code exposes organizations to a tremendous amount of risk, yet this point is treated like a dirty little secret that nobody talks about. So, let’s live on the edge and take a minute...

Read More

Trustwave Named as a Leader in the 2024 IDC MarketScape for Worldwide Emerging MDR Services

Trustwave has been positioned in the Leaders Category in the IDC MarketScape for Worldwide Emerging Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc #US50101523 April 2024).

Read More

Trustwave Takes Home Global Infosec Award for 2024 Best Solution Managed Detection and Response (MDR) Service Provider

For the second consecutive year, Cyber Defense Magazine honored Trustwave with a 2024 Global InfoSec Award for Best Solution Managed Detection and Response (MDR) Service Provider.

Read More