Earlier this year, we weighed the costs of ransomware prevention and recovery. This article ties into a greater discussion regarding the differences between taking an assertive, proactive approach versus a reactive approach to digital security. Let’s now wade into this conversation directly.
Reactive Security: Benefits and Shortcomings
To its credit, reactive security isn’t without its benefits. Teams can use this approach to put measures in place that can detect signs of a security incident. They can then act upon that evidence to curtail the scope of the incident and prevent it from escalating into a data breach.
Here are some measures identified by Infosec Institute that teams can use to build a reactive security strategy at their organization:
- Security monitoring tools help to monitor the network traffic for abnormalities that could be indicative of an attack in progress.
- Digital forensic solutions can help teams to understand the tactics, techniques, and procedures (TTPs) employed in a particular attack. With that knowledge, security and leadership can work together to implement changes for the future.
- Anti-spam and anti-malware measures can detect signatures for known malware samples, but they struggle to protect against fileless malware and other evasive threats.
- Firewalls can help filter what’s entering the network, but depending on their configurations, they might leave organizations vulnerable to digital attack.
Using these measures, security teams can respond to an of attack that would otherwise require significant investment for proactive protection. But this implies the measures can detect a security incident before it escalates into a data breach. That’s not always the case.
When it isn’t, organizations could face hefty recovery costs. The average data breach cost organizations $4.24 million in 2021, according to the latest Cost of a Data Breach Report. Those damages grew when digital attackers spent longer amounts of time in a victim’s network.
Indeed, the report found that organizations took an average of 287 days to identify and contain a data breach. This dwell time brought the average price tag of a data breach up to $4.87 million–by comparison, incidents detected and contained in fewer than 200 days cost $3.61 million.
A Security Stepping Stone
Acknowledging the risks discussed above, organizations should not treat reactive security as a terminal point in their security journeys. Rather, they should view it as a stepping stone in their efforts to reach proactive security. This approach is more holistic in nature than reactive security in that it emphasizes threat detection and response.
Towards that end, it requires teams to augment their reactive security measures and to bring in other technologies such as machine learning to defend against threats that might actively target their organization in the future. But such an approach won’t work if teams don’t have comprehensive visibility of their environments, however.
That said, not every means of proactive security is created the same. Consider the fact that Security Information and Event Management (SIEM) tools require data lakes and cloud analytics to centralize security events, making them expensive and highly variable. Even then, many SIEMs generate false positives and alerts in a volume that contributes to a sentiment of “alert fatigue” among infosec personnel.
Security Orchestration, Automation, and Response (SOAR) solutions suffer from the same issues as SIEMs. There’s the added complication of finding integrations that work with other security tools deployed across organizations’ security stacks. Endpoint Detection and Response (EDR) can help to detect attacks at the endpoint level, but as such, they can’t provide visibility into malicious operations that stretch beyond endpoint devices.
Given the shortcomings of SIEMs, SOAR solutions, and EDR platforms, security teams need something more than these outdated methodologies: Extended Detection and Response (XDR). This security approach enables SecOps teams to get behind the wheel of their organization’s security efforts by delivering the context-rich correlations across the entire IT ecosystem required to end complex attacks earlier.
The AI-Driven XDR Advantage
An AI-driven XDR solution enables SecOps teams to embrace an operation-centric approach to security that delivers the visibility organizations require to be confident in their security posture across all network assets and the automated responses to halt attack progressions at the earliest stages.
In addition, an AI-driven XDR solution provides Defenders with the ability to predict, detect and respond to cyberattacks across the entire enterprise, including endpoints, networks, identities, cloud, application workspaces and more.
Cybereason is dedicated to teaming with Defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.
