“You can’t protect everything equally…we have to find a way to control only what matters.” With these words, Earl Perkins, research vice president at Gartner, struck upon the main security challenge currently facing businesses and governments. The problem is, if you were to attempt to keep all entry points covered, you’d be spreading your security resources too thin. We must assume that it is not possible to block all entry vectors at the same time — cybercriminals will eventually find a loophole through which to enter the systems of organizations.
With this in mind, it is time for companies to change their mindset and, according to Perkins, “take the money you’re spending on prevention and begin to drive it more equitably to detection and response. The truth is that you won’t be able to stop every threat and you need to get over it.”
Detect, respond, and remediate
As Gartner puts it, the trend for the remainder of 2017 and 2018 will involve a more equal budget breakdown between prevention measures and those for detection, response and remediation. In particular, companies will invest a greater amount of economic resources in Endpoint Detection and Response (EDR) solutions that complement the already existing EPP (Endpoint Protection Platform) measures, filling in the gaps left by the latter approach.
The market for EDR-type solutions has been booming since 2016, when revenue doubled in comparison with 2015, from $238 million to over $500 million. Gartner expects annual growth of 45% by the year 2020, well above the estimated growth of the information security market in general during the same period (7%).
These figures are telling. For one thing, they reinforce the idea that the fight against cybercrime requires solutions that allow complete visibility of all endpoints and gather valuable data in order to discover, analyze and respond to complex attacks. To do this, IT teams will look for solutions that integrate features such as automatic alerts that list threats according to priority for analysis by security teams, combining in turn automatic defensive measures that are triggered instantly upon detecting an attack. Another key feature of a quality EDR solution is the inclusion of forensic information, with the ability to break down the attacker’s actions within the network for future analysis. This, in turn, will allow you to locate software with known vulnerabilities that is installed on your company’s network.
After implementing effective EDR solutions, as Gartner anticipates, the next goal will be to incorporate predictive capabilities that alert IT teams to unusual behavior patterns. Thanks to predictive tools, security teams have the ability to detect threats that would ordinarily go unnoticed by traditional solutions. In this sense, the combination of Big Data with artificial intelligence helps to analyze and classify huge amounts of data to discern where the main risk factors lie before attackers can take advantage of those vulnerabilities.
The use of both technologies also allows for the use of predictive models based on the information extracted after having undergone a security breach. This sort of data is invaluable to security teams.
With the application of these technologies, the goal will be for a company to operate in a continuous response mode to any possible security incident, whether a traditional threat, a vulnerable application, or an advanced hacking attack. And this posture will only be achieved by jointly implementing prevention solutions (traditional protection, firewall, data protection such as file encryption, etc.) and detection and response solutions (threat intelligence, forensic information, threat data correlation, etc.).
Adaptive Defense 360, the perfect combination of EPP and EDR
In a market that is geared towards striking a balance between investments in EPP and EDR, Adaptive Defense 360 is optimally positioned. It is the first cybersecurity service to combine advanced protection technologies with detection and remediation capabilities, with the ability to classify 100% of processes running on a corporate network. It uses contextual intelligence to reveal patterns of malicious behavior by correlating all collected data (more than 1TB daily!). Adaptive Defense 360 combines contextual logic with cyber-defense actions to anticipate threats and data breaches, protecting more than 16,000 companies worldwide.