Prevention is always the best way to manage a cybersecurity incident. However, the reality of the modern cyber threat landscape is that prevention is simply not enough. Cyber threat actors have become increasingly sophisticated and know ways to circumvent traditional cybersecurity defenses. Prevention and detection are complementary, not mutually exclusive.
While prevention remains essential to stop most pervasive threats, detection and response technology looks for threats that have already gotten past an organization's defenses and then formulates an appropriate response. Another area in which detection is often superior to prevention is insider compromise: a dishonest employee or, worse, a dishonest administrator. Many prevention technologies focus on external attacks, and employees and other internal users can bypass them because they have the appropriate credentials.
However, if they access a file they shouldn't (such as the recent access to presidential candidates' passport data), detection technologies (in this case, records) allow administrators to know that something is wrong. Since determined attackers like these are seeking gain, a cybersecurity event is a matter of “when” rather than “if”, creating the need for detection and response technology to coexist with preventive measures. I'll be honest with you, when we came to this kind of conversation between prevention and detection, much of it started with the NIST Cybersecurity Framework and the Lockheed Martin Cyber Kill Chain and all the various approaches, you know, if you look at ISO 27000 and it doesn't even have a unifying approach. Organizations that lack the staff needed to design, implement and manage a detection and response program may find it easier to hire an external resource, such as a managed security service, to augment internal capabilities or manage detection and response activities.
Sophisticated security testing programs for detection and response technology allow companies to deepen their understanding of what is happening within their networks in order to detect threats before they take root and cause damage. Yes, I think the reason why isn't because, for cybersecurity companies, the detection response is more valuable to them. Look no further than the National Institute of Standards and Technology (NIST), which offers full support for prevention and detection. And Jasson was right: the five functions that NIST actually invokes could be reduced to three actionable functions, which are simply to prevent, detect and respond.
Detection technologies are sometimes used in conjunction with prevention technologies to stop or mitigate an ongoing attack, as in intrusion prevention systems (IPS). While a layer of prevention remains essential to stop most pervasive threats, a rebalancing exercise that emphasizes detection and response capabilities will usually generate significant benefits.