Gartner Vice President Anton Chuvakin says reams of data will provide clues and traces of hacking attempts and prove that “super hackers” do not exist. He says it’s all a matter of continuous incidence response.
The analyst said old security incident response models are ineffective when dealing with modern hackers and, although these aggressors use covert tactics to hide their presence, they still leave logs signaling their presence. Chuvakin argues that it’s all about having the right set of tools that allow visibility into a company’s network.
“You should deploy more visibility tools; it’s likely you don’t have enough, even if you think you are drowning in data,” said Chuvakin “Many think the win is not about being secure, but is about stopping the attackers. And that mindset makes it difficult to do advanced incidence response.”
Continuous planning and daily preparation for network breaches is a sign of a modern and always-prepared security expert who is ready to deal with even the newest threat vectors. He describes this process as “incident planning,” emphasizing that it’s a constantly evolving activity or process.
“Security incident response planning is an activity, a process, a verb (if you must),” wrote Chuvakin. “On the other hand, a plan is a piece of paper, as useless as – eh – a security policy that is not tied to monitoring and enforcement.”
All companies should use SOC tools, as they’ll significantly reduce the risk of attackers gaining permanent persistence in a network. Chuvakin refers to SIEM, network forensic tools, and endpoint detection and response tools as the “SOC nuclear triad” of visibility.