​Why detection and response holds the key to corporate data protection

3 reasons why prevention is pointless unless it’s tied to a detection and response capability

Picture: Steve Jurvetson, Flickr

Picture: Steve Jurvetson, Flickr

There’s no guarantee your business will never be hacked. Ransomware attacks and data exfiltration are plaguing Australia’s IT landscape. At the same time, a lack of visibility into hidden threats within IT infrastructure is making local organisations more vulnerable than we dare to think. Almost a quarter of Australian organisations deal with security breaches that interrupt their business on a monthly basis. Businesses with the most complex data are falling victim to security hacks – look no further than recent DDoS attacks and the Mirai botnet.

Without advanced threat detection, attacks are often months or years old by the time they are discovered. Findings from FireEye M-Trends Report 2016 show the average number of days to detection is 146, and that 53 percent of attacks are detected externally, on average at 320 days.

The quicker your business detects anomalies in your infrastructure, the better. Enterprises are changing security spending strategies, moving away from prevention-only to focus on detection and response. This shift in approach comes as spending on security is expected to reach US$90 billion in 2017, according to Gartner.

These findings support the idea that prevention is pointless unless it’s tied to a detection and response capability. Let’s take a closer look at three factors that are contributing to this shift in mindset:

1. Making sense of data

This will improve the security posture of your organisation. More often than not, organisations are generating vast amounts of security-relevant data. Monitoring and analysing data is integral to gaining insight to what is happening across your network, and most importantly, detecting threats.

Advanced analytics are key to producing insights from large volumes of data. Traditional security information and event and management (SIEM) solutions often struggle to keep pace with the ever increasing volumes of data, and the variety of data produced in today’s corporate environment. Data which is not collected within these systems creates a ‘blind spot’ which inhibits the effectiveness of your security team, and limits the potential insights for your business. The key benefit of modern analytics platforms is the ability to leverage analytics and machine learning capabilities across a single data set for use by both business and security teams.

2. Better, faster decisions during security incidents

Once you detect a threat within your environment, appropriate response is vital. Threat actors today move much faster than any security person could respond with manual tools. Analytics and automation platforms are the essential tools for incident responders as they track, contain, and mitigate multi-vector threats.

This is where the power of security analytics and machine learning comes in. For example, machine learning detects data anomalies in real time. This used either on its own or in combination with a traditional SIEM reduces complexity and provides a more timely response, again saving resources and time.

3. Hackers change behaviour and you should too

When an attacker hacks your network, they’ll change techniques if they realise they’ve been discovered. They’ll most likely use a team armed with highly automated tools to do a smash-and-grab – snatching data off your network as quickly as possible. You need to adapt your response in the heat of the action. This is particularly vital for organisations storing sensitive information, such as finance and healthcare companies.

Using an adaptive response technology, you’re able to do just that. A connected nerve system enables organisations to analyse and correlate a wide range of data across a multi-vendor environment, helping their security team to work faster and with more agility. This is especially crucial when attempting to outsmart teams of hackers.

As IT security threats evolve exponentially, remember that you can’t stop a highly determined attacker from targeting your data. However, with the right security solutions, you can make your organisation an extremely difficult target.

Simon Eid is Area Vice President, Splunk ANZ

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags businesssplunk

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Simon Eid

Simon Eid

PC World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?