The need for active response to advanced threats – passive remediation is insufficient
Today’s advanced attacks are increasingly pernicious, with attackers looking to bury deeply into networks so that they can carry out their deeds over long time periods, increasing their chances of garnering a horde of sensitive, valuable information. Those attacks are so widespread that every organisation should consider that it is a victim. It is no longer if, but when and how often an organisation will be attacked. Prevention alone is no longer sufficient.
Rather, organisations need to be proactive in seeking out incidents that have occurred and in actively removing threats. A strategy of containing threats is just a stopgap. Manual investigation and remediation of individual threats—often with the aid of a services organisation, whose mitigation efforts are often not repeatable—must be replaced with automated threat removal. This will allow an organisation not only to recover from security events faster and more efficiently, but will allow it to benefit from the automated learning offered by security platforms that provide effective tools for threat removal, providing it with the ability to better safeguard itself against similar events in the future. In this way, business disruption will be minimised and the organisation will be better able to get on with what it does best.