Leading companies are changing their approach to cyber-security.
Here are the top 5 ways successful CSOs stop attacks:
Focusing on detection and response
Preventive controls are ineffective against modern attacks that always find a foot in the door. Modern practitioners assume compromise has occurred, and build detection & response capabilities, instead of trying to plug every single loop-hole. Changing their mindset from prevention to detection is then perhaps the #1 way in which CSOs stop attacks.
Making security alerts actionable
In an average week, companies face 17,000 security alerts, most of which are false alarms that lead to real problems not being dealt with in time. CISOs are opting for technologies with very low false positives (less than 1% of alerts), freeing security teams to act on real threats instead of false positives.
Increasing internal network visibility
‘Dwell time’ (how long an attacker is undetected in the internal network) is usually measured in months or years. Top security leaders are focusing on internal network visibility to reduce the dwell time to minutes and thwart attacks faster.
Removing the human element in monitoring
Analysts monitoring screens in shifts has proved ineffective as people can’t find suspicious patterns in huge volumes of security data. CISOs of leading companies now favour automated attack detection which reduces dependence on human analysts and lowers operational costs.
Catching attacks early with threat intelligence
Detecting an attack during the planning stage is incredibly powerful as it can be mitigated before it even begins. CISOs are setting up early warning systems to detect when they are targeted and give the security team the time advantage.
Sources: Analysis of targeted attacks in the last 3 years, surveys of C-level executives tasked with security, and 2014 – 2015 industry research reports.