Security incidents and breaches are now so frequent and so widespread that no organisation can afford to be complacent. Rather, organisations should work on the principle that they have probably already been breached. Traditionally, many security technologies have focused on preventing threats from penetrating the network. Faced with increasingly sophisticated, well-resourced and businesslike attackers, who can target specific individuals and organisations with tailor-made exploits and evade such defences, those tools are no longer sufficient on their own. Prevention alone is not enough.
Defending against the advanced threats and breaches that are a fact of today's complex threat landscape requires a combination of three capabilities: prevention, detection and response. Detection is the new imperative, yet security incidents and breaches are taking ever longer to discover. Only by detecting threats quickly can the ensuing damage be effectively contained. Remediation is another area where many organisations fall short: they rely on manual effort because they are reluctant to take actions that might introduce further problems, in part because they lack full visibility into what is happening on their network.
A new breed of security intelligence platform gives the required visibility into all network threats and incidents and provides the context needed to gauge which events are affecting the network and what their potential impact is. From the information such platforms provide, organisations can gain actionable insight that leads to better-informed decision-making. Actionable insight can be defined as the ability to analyse large quantities of data to infer behavioural patterns for people and things, and thereby to automate business processes that use that insight, replacing what were historically manual activities. In a security context, it requires the ability to collect and analyse massive volumes of event data in real time, from throughout the network and from all the devices, users and applications that connect to it, so that appropriate action can be taken.