
The Growing Challenges of Threat Detection and Response

Why is threat detection and response getting harder? Recent ESG research explains why

With each new data breach or cyber attack, the complexity around threat detection and response grows and the pressure on enterprise security teams intensifies.

The fact is that threat detection is complex and, according to a recent survey by ESG Research, only getting more so. Sponsored in part by Symantec, the ESG survey of enterprise cyber security leaders revealed that more than three-fourths (76%) of those polled believe that threat detection and incident response is more difficult today than it was just two years ago. It’s a startling result, especially given the enormous amount of attention, resources and investment expended over the past several years on cyber security defense strategies and products -- and potentially a sign that the situation will only get worse in the future.

The ESG survey raises the question: Why are threat detection and response processes so challenging? I believe the answer is both simple and complex. Simply put, cyber attacks continue to grow in volume and sophistication, they never end, and they become ever more difficult to detect.

An Endless War of Attrition

The threat landscape darkly mirrors the typical processes of software development. While software developers have adopted constant iterative processes to improve their software, attackers are just as relentlessly developing and refining the tools that allow them to get around the latest cyber defenses.

This never-ending war of attrition saps the average enterprise’s ability to stay ahead of the attackers. Most organizations just don’t have the time, resources or enough skilled people to deal with the constantly morphing and shape-shifting threat landscape. And that’s just the beginning of the challenge -- and time is running out.

The ESG research makes it clear that business leaders expect their security leaders to change this status quo. 70% of the security professionals surveyed say that business management is pressuring their cyber security teams to improve their organization’s threat detection and response, and an even larger percentage (82%) agree that improving threat detection and response is now a high priority for their organization.


Disconnected and Haphazard Manual Response

One of the principal obstacles to improvement is that many organizations approach threat detection and response through a maze of disconnected point tools. 66% of the survey’s respondents agree that their threat detection and response is limited because it is based upon multiple independent tools. An almost equal number (64%) agree that the problem is compounded -- and their efforts further limited -- because their threat detection and response is based on too many manual processes.

It’s not hard to see the challenges this disjointed approach creates. Each of these independent tools must be deployed, configured and operated separately on a daily basis. Adding to the complexity, each tool provides its own myopic alerting and reporting. Correlating the sheer volume of data from these separate input streams is an enormous challenge in itself, and it contributes to a significant lack of real-time visibility.

Understaffed and Overwhelmed

Making sense of this tsunami of data requires security analysts with the skill sets and training to pull together a complete threat management picture from across multiple sources, which might include endpoint security tools, network security tools, and large-scale threat intelligence from global security operations centers. That analysis also depends on manual processes, which too often take too much time to stop an attack before it is already underway.

It’s a process that’s further hamstrung by a shortage of the cyber security skills needed to do the analysis and respond effectively. 68% of the cyber security leaders in the ESG survey agreed that their organization’s “threat detection and response effectiveness is impacted by a shortage of security staff members and/or limited security analytics and incident response (IR) skills.”

So, what’s the way forward to improving threat detection and response?

Given the many challenges, it’s clear that the right solution must provide the services and capabilities cyber security teams need to address the ever-widening gyre of the threat landscape: services that allow security staff to proactively detect any threat, and the capabilities to correlate, analyze and respond quickly and effectively to any incident.

This is where EDR solutions and Managed Endpoint Detection and Response services can play a big part in keeping you safe. Join us for a webinar on the current state of EDR and MEDR to find out more.


About the Author

Bob Shaker

CSS Product Manager, Emerging Solutions

Bob is responsible for delivering the strategy and direction of all emerging solutions including Managed Detection and Response, the Cyber Insurance Center and future innovations.
