Security budgets shifting from prevention to detection

According to industry estimates, enterprises have historically spent more than 75% of their infosec technology budgets on preventative technologies. According to a new survey conducted by Anderson Research, the portion of security budgets targeted for detection solutions increased substantially over 2015.

The top challenges in implementing detection as a security solution

73.1% of those surveyed feel they are at risk of a security breach and 51.9% feel their security defenses are reliably stopping threats from getting into their networks. 70.3% are more concerned about in-network threat detection than in 2015. These numbers validate that organizations are adopting an “assumed breached” security posture and are now looking to modernize their security infrastructure with tools that provide accurate in-network threat visibility and will improve their efficiency in post infection detection and response.

Detecting in-network threats can be challenging because of limited visibility, the complexity and resource intensity of correlating attack information and incident response. Alert fatigue is also common challenge driven by many detection solutions generating more alerts than security teams can address. The most common cited issues were:

• Limited resources to respond. In fact, 65.2% indicated they agreed (42%) or strongly agreed (23.2%) with this
• Correlating attack information and activity accurately is too resource intensive (59.2%)
• Too many false positives (52.2%)
• Lack of visibility to threats inside their network (54.5%).

Key motivators for shifting budgets

According to the survey, key motivators for shifting budget to detection solutions include early visibility to in-network threats or misconfigurations that could lead to a breach (68.5%); followed by automated attack correlation for resource efficiency (55.1%), automated blocking and quarantine of attacks of accelerated incident response (42.7%), and the elimination of false positives for accuracy and incident response efficiency (42.1%).

The survey went on to explore the challenges faced by organizations implementing detection as a security solution, which included more logs and data to manage (63.4%), the number of false positives generated (48.3%), lack of trained resources (46.5%), too complex or time consuming to manage (39.5%), more tools to manage (34.3%) and lack of budget (33.1%).

Deception-based threat detection

The concept of deception-based threat detection was introduced in the survey and of the respondents looking for new detection solutions, 60% agree, 11% strongly agreed, that they would consider deception-based detection for in-network threats.

According to Gartner, many organizations can benefit from implementing deception technologies and techniques. Although it is not a requirement from any significant compliance mandate, deception is a valid approach to complement a security architecture and to address some of the shortcomings of other security solutions.

“Increasing the size of detection budgets is a critical change in the security planning process,” said Tushar Kothari, CEO of Attivo Networks. “There have been too many breaches in the past to suggest that prevention tools alone can protect organizations. With advanced detection technologies like deception, the prior complexity and resource intensity challenges of in-network treat detection are elegantly solved.