One of the biggest problems in detecting an attack is that there are so many places where the attacker could land – having our eyes on all of them at the same time becomes a very difficult challenge. After all, if we could have eyes on them all, surely we could protect them all. That’s where we need a mindset change to regain our effectiveness.
Assuming that compromise is inevitable, what is most important to your organization? Customer data? Availability of a service? Intellectual property? Which assets are most important to you? Once you have established the answers to these questions, ask yourself who would want to attack those assets.By starting from what’s of greatest value to you and most likely to be attacked we’re in the right place to focus our security efforts. In this scenario detection becomes a strength and not a weakness. This is not to say that prevention should be abandoned. With a threat-centric approach to security, we can map the paths an attacker could take to gain access to our most prized assets. Through vulnerability prevention, we can reduce the number of paths available to an attacker to just the legitimate routes that the people in your business actually use. With attack detection, we can monitor those legitimate user cases for suspicious activity. If we are now detecting these attacks, we can ensure that an effective incident response plan is in place that allows the organization to recover from a breach quickly and smoothly… How can we accurately detect attacks?
