Advanced Threat Detection: Less Hype, More Protection

February 26, 2015
Duane Kuroda

Earn a Better Return on Threat Detection

Spending increase in cybersecurity as a response to growing threats

Like most organizations, you probably invest huge sums on advanced detection, use an array of the latest detection tools, and regularly receive countless security alerts and incident reports. But it’s time to face the facts: You are still not protected.

When it comes to advanced threat detection, it’s easy to develop a false sense of security —especially when you have spent so much on cyber security technology.  Just consider the billions of dollars that Sony Pictures, Target, Neiman-Marcus, and banks around the world have lost to data breaches. 

Organizations of all sizes now face an unprecedented set of security threats, ranging from managing security risks around mobile devices and cloud computing to internal and external cyber threats.

The sad reality: Organizations worldwide face persistent and dangerous business risks due to an increasing number of security incidents, slow or broken response processes, and a long time between threat detection and containment. Global security incidents are now outpacing even the fastest-growing economies and technologies. The number of detected incidents in 2014 globally soared to a total of 42.8 million, a 48 percent leap over 2013.

Security spending is now at the top of the IT priority list for 2015, reports Computerworld’s annual Forecast survey of IT executives.

Be aware of the risks of developing tunnel vision on threat detection tools

To address this problem, security vendors have released a wide range of advanced detection products, including: Security Information and Event Management (SIEM) tools, intrusion detection systems, and advance malware sandboxing technologies. These detection products only drive the need for incident response, generating volumes of security alerts and security incident reports, but without addressing the underlying problem.

Even the latest advanced detection tools and technologies in place are not designed to respond adequately to these modern threats and incidents —and are so focused on detection that they often neglect response management. The new technologies or tools don’t tell you how to stop the malware, how to stop people from clicking on links, or stop zero-day vulnerabilities from affecting your organization.

 “With the number of threats increasing daily, organizations must be careful not to focus solely on advanced detection solutions, they also need to make sure they are investing in incident response solutions,” says Mike Horn, Vice President, Threat and Response Products, Proofpoint. “You can have the best threat detection, but if your security team can’t quickly verify and react to detected threats, you aren’t fully protected.”

The new detection tools raise the awareness that you’ve been breached. But unless you have a plan and ability to contain the threats you detect, you are not protected. Promotion and promises from security vendors represent an aggressive grab for mindshare, making it difficult to separate reality from hype.

To boost your return on detection, you need less hype and more protection 

It’s time to close the loop on advanced threat protection.  For CIOs and IT managers, the challenge is to get beyond the hype of security vendors and wade through the myriad of product features and capabilities.  How do you ensure that you have the right tools and technologies that truly add protection?

To help sort out the reality of the new advanced detection tools, Proofpoint has put together a short list of impactful tips, topics, and questions to apply to your evaluation and decision processes. These tips should help you ask more intelligent questions of security vendors and build your security budget so you can deliver a real return on detection.

To learn more, read Proofpoint’s new white paper: Advanced Threat Detection, Necessary but Not Sufficient.