Spotting a system breach takes defensive and offensive strategies
Breach detection systems (BDS) sniff out evidence of a system breach in your network, and they're a welcome, and necessary, development. The reason you need a BDS now is that it's impossible to keep advanced persistent threats, malware, and infected devices and systems entirely out of the enterprise network, given the prevalence of criminal hackers, some backed by nation-states. Still, it's not enough to take a purely defensive approach to network security.
If you only play defense and have no offensive security strategy, you will always be playing catch-up. A BDS offers a perfect example. It is, by design, of no use unless someone has already breached your system. An offensive strategy is vital.
Offensive security is not a new idea. Among the aggressively offensive approaches to network security are honeypots and decoys, which lure attackers in and keep them busy while IT security learns everything it can about the attacker. The knowledge gained makes it easier to mitigate risk and even identify and arrest the perpetrators. That is a step in the right direction.
A BDS applies analysis of more kinds of data in larger quantities faster than previous security tools did. The quality of the analysis applied to the system breach is also improving and allows for continuous discovery of new attack behaviors, leading to better rules for automatically defending against attacks. BDS vendors are introducing AI and machine learning too. Inevitably, breach detection will become ever smarter and more automated.
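As an added illustration of the rule-based analysis described above (example code written for this page, not taken from the article or from any BDS vendor's product), the following Python script parses constructed proxy log lines and flags internal hosts that contact the same destination at near-constant intervals. That beaconing pattern is a classic sign of an already-compromised device calling home on a timer, which is exactly the post-breach evidence a BDS exists to surface. The log format, the IP addresses and hostnames, and the detection thresholds are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log (not real traffic), one connection per line:
# "<ISO timestamp> <source IP> <destination host> <bytes sent>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 cdn.example.net 4810
2024-03-01T10:00:03 10.0.0.5 update.example.org 512
2024-03-01T10:00:07 10.0.0.7 cdn.example.net 99120
2024-03-01T10:01:00 10.0.0.5 update.example.org 510
2024-03-01T10:01:41 10.0.0.7 mail.example.net 2033
2024-03-01T10:02:01 10.0.0.5 update.example.org 514
2024-03-01T10:03:00 10.0.0.5 update.example.org 511
2024-03-01T10:03:22 10.0.0.7 cdn.example.net 120310
2024-03-01T10:04:00 10.0.0.5 update.example.org 509
2024-03-01T10:05:01 10.0.0.5 update.example.org 513
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, bytes) tuples.

    Malformed lines are skipped rather than aborting the whole run, because
    real log feeds routinely contain truncated or corrupted records.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        records.append((ts, parts[1], parts[2], size))
    return records


def find_beacons(records, min_connections=5, max_jitter=0.1):
    """Return (src, dst, mean_interval_seconds) for every flow whose
    connection intervals are nearly constant.

    A legitimate user browsing a site produces irregular gaps; malware on a
    timer produces gaps with a very low coefficient of variation (jitter).
    Both thresholds are assumed values for this example and would be tuned
    against a real environment's baseline.
    """
    flows = defaultdict(list)
    for ts, src, dst, _ in records:
        flows[(src, dst)].append(ts)

    beacons = []
    for (src, dst), times in flows.items():
        if len(times) < min_connections:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue  # all connections in the same second; not a timer pattern
        jitter = pstdev(gaps) / avg  # coefficient of variation of the intervals
        if jitter <= max_jitter:
            beacons.append((src, dst, round(avg, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, interval in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{interval}s")
```

In the constructed sample, 10.0.0.5 reaches update.example.org roughly once a minute with only a few seconds of drift, so it is flagged, while the irregular traffic from 10.0.0.7 is not. A production rule would add allow-listing of known update services and feed the hit into the alerting pipeline rather than printing it, but the analysis step is the same.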
As with team sports and military action, we will need a good balance of offense and defense to maintain a balance of power with our cyber adversaries.