THE THREAT LIFECYCLE MANAGEMENT FRAMEWORK
Preface
Globally, sophisticated cyber-attacks are compromising organisations at an unprecedented rate and with devastating consequences. Modern attackers, including criminal organisations, ideological groups, nation states, and other advanced threat actors, are motivated by a wide range of objectives that include financial gain, industrial espionage, cyber-warfare, and terrorism. These attacks are often very expensive for compromised organisations, costing each company an average of USD $7.7M.[1]

The odds that your organisation will be compromised are high. In fact, a recent report indicates that 76 percent of surveyed organisations were compromised in 2015.[2] Against this backdrop, organisations increasingly expect that the question is not if they will be compromised, but when.
The Modern Cyber Threat Pandemic [3]

"Regulatory fines, public relations costs, breach notification and protection costs, and other consequences of large-scale data breaches are well-understood. But the effects of a cyberattack can ripple for years, resulting in a wide range of “hidden” costs—many of which are intangible impacts tied to reputation damage, operational disruption or loss of proprietary information or other strategic assets."[4]
- Deloitte, Beneath the Surface of a Cyberattack
[1] Ponemon, 2015 Cost of Cyber Crime Study
[2] CyberEdge, 2016 Cyberthreat Defense Report
[3] Symantec, Underground black market: Thriving trade in stolen data, malware, and attack service, November 20, 2015; Medscape, Stolen EHR Charts Sell for $50 Each on Black Market, April 28, 2014
[4] Deloitte, Beneath the Surface of a Cyberattack, 2016
A new approach is required
The traditional approach to cybersecurity has been to use a prevention-centric strategy focused on blocking attacks. While prevention-centric approaches do stop many threats, many of today’s advanced and motivated threat actors are circumventing these defences with creative, stealthy, targeted, and persistent attacks that often go undetected for significant periods of time.
In addition, modern organisations are exposed through increasing interconnectedness—the growing use of cloud-based applications, the proliferation of mobile technologies, and the Internet of Things (IoT)—that blends the use of consumer and corporate technologies. The result is a rapidly growing attack surface that is increasingly difficult for your security and operational teams to protect without impacting the core business of your organisation.
In response to the shortcomings of prevention-centric security strategies and the challenges of securing an increasingly complex and open IT environment, many organisations are progressively shifting their resources and focus towards strategies centred on threat detection and response. Gartner estimates that by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, up from less than 20 percent in 2015.[5] Security teams that are able to reduce their mean time to detect (MTTD) and mean time to respond (MTTR) can materially decrease their risk of experiencing a high-impact cyber incident or data breach.
Unfortunately, the growing complexity of IT and an increasingly hostile threat landscape have made it challenging to realise reductions in MTTD and MTTR. Most organisations are struggling to keep up with the volume of security alerts—many of them false positives or of low quality. This has created organisational “alarm fatigue” that inhibits security teams from identifying the real threats that could lead to a damaging cyber-incident or data breach. Security teams also often lack effective tools, automation, and processes for streamlining threat investigations and incident response. These challenges are evident in recent data breaches: too often, the time it took for the affected organisation to discover and respond to the breach was measured in months, and in some cases years, with the average time to detection being 146 days in 2015.[6]
[5] Gartner, Shift Cybersecurity Investment to Detection and Response, 2016
[6] Mandiant Consulting, M-Trends 2016