Detecting Attacks Takes More Than Just Having the Latest Tools


In this fascinating Peer2Peer session, How Do You Detect Attacks?, participants representing enterprise customers, product vendors, and service providers all weighed in on some of the challenges they face in detecting attacks. Many were monitoring their networks 24/7 with either in-house staff or managed security services providers. While there was some critique of the products they used and their ease of use, the vast majority of the conversation turned on the lack of available talent.

Unfortunately, product vendors aren't doing us any favors with their niche offerings, which often require that organizations undergo a complex process of integrating a variety of these products to get a better picture. While some "platform" vendors have tried to offer a more robust ecosystem, it's clear that best of breed is here to stay for the time being, even though marketing hypes a particular product's capabilities and customers are frequently dissatisfied with the features and performance of the platform vendors across their entire product portfolio.

Beyond talent demands, organizations seem to mirror the needs highlighted in the marketplace, with an emphasis on moving away from signature-based solutions and toward machine learning and anomaly detection. In general, the group understood the need for more emphasis on detection, even if the talent for watching for those events and engaging in proactive hunting is sorely missing.

While managed security services are an option, the group had mixed opinions about their value, and budgets still pose some constraints. More are dipping their toes into threat intelligence and participating in information-sharing groups across industries and other categories, even if the value of the data may be limited.

Cloud-based offerings are also likely to gain traction as organizations seek to avoid large capital commitments and hope to leverage both the technology and the talent that these services offer. While the level of customization these offerings provide may not be sufficient to satisfy the needs of this group or the larger market, it is a starting point.

In the end, it's likely that no outside service hoping to leverage economies of scale and automation is going to truly satisfy the needs of a typical organization. Filling in those gaps is likely to fall to qualified full-time employees and targeted professional services, both of which seem to be in extremely short supply.

Posted on April 27, 2016

by Gib Sorebo

Chief Cybersecurity Technologist, Leidos

USA 2016

© 2016 EMC Corporation. All rights reserved.