Detecting Attacks Takes More Than Just Having the Latest Tools



In this fascinating Peer2Peer session, "How Do You Detect Attacks?", participants representing enterprise customers, product vendors, and service providers all weighed in on some of the challenges they face detecting attacks. Many were monitoring their networks 24/7 with either in-house staff or managed security services providers. While there was some critique of the products they used and their ease of use, the vast majority of the conversation turned on the lack of available talent.

Unfortunately, product vendors aren’t doing us any favors with their niche offerings, as they often require organizations to undergo a complex process of integrating a variety of these products to get a better picture. While some “platform” vendors have tried to offer a more robust ecosystem, it’s clear that best of breed is here to stay for the time being, even though marketing hypes a particular product’s capabilities and customers are frequently dissatisfied with the features and performance of the platform vendors across their entire product portfolio.

Beyond talent demands, organizations seem to mimic the needs highlighted in the marketplace with emphasis on moving away from signature-based solutions and toward machine learning and anomaly detection. In general, the group understood the need for more emphasis on detection, even if talent for watching for those events and engaging in proactive hunting is sorely missing.

While managed security services are an option, the group had mixed opinions about their value, and budgets still pose some constraints. More are dipping their toes into threat intelligence and participating in information-sharing groups across industries and other categories—even if the value of the data may be limited.

Cloud-based offerings are also likely to gain traction as organizations seek to avoid large capital commitments and hope to leverage both technology and talent that the services offer. While the level of customization that these offerings provide may not be sufficient to satisfy the needs of this group or the larger market, it is a starting point.

In the end, it’s likely that no outside service hoping to leverage economies of scale and automation is going to truly satisfy the needs of a typical organization. Filling in those gaps is likely going to fall to qualified full-time employees and targeted professional services, both of which seem to be in extremely short supply.


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

