Okay, Breaches Are Inevitable: So Now What Do We Do?

P. Musich

Summary Bullets:  

  • It takes only minutes for a sophisticated attacker to breach an enterprise network, but it can take months to uncover their presence.
  • Reducing that time to discovery can minimize the damage done, but there are multiple ways to try to achieve faster detection.  Which route should you choose?

I had an interesting conversation the other day with a company in the still fairly small market niche called incident response, and it got me thinking about the evolution of the threat landscape and the time that it takes enterprises to respond to new market conditions – especially in the security market.  I think by now most large enterprise security administrators and CISOs understand that it is not a matter of if, but when their organization will experience a breach – one that could potentially be very painful for the whole organization.  But recognizing that sad fact does not help those administrators and executives understand the most effective way to tackle the new challenge presented by more sophisticated, stealthy, multi-stage attacks.  Exacerbating their dilemma is an increasingly porous enterprise perimeter, where computing workloads are shifted outside the traditional DMZ and end users are allowed (or go around policies that prohibit) access to corporate data from their own smartphones, tablets and even laptops.