In a survey of 500 IT security experts, Exabeam researchers discovered that nearly two-thirds of their respondents (65%) prioritize prevention over detection as their number one endpoint security objective. For the remaining third (33%), detection remained their utmost priority.
Late to the Party
To make the situation worse, the businesses actually act on this idea. The majority (59%) allocate the same amount to detection, investigation, and response, while nearly three-quarters (71%) spend between 21% and 50% of their IT security resources on prevention.
According to Steve Moore, chief security strategist at Exabeam, the issue with this strategy is that the businesses concentrate on prevention while threat actors are already there, rendering their efforts useless.
“As is well known, the real question is not whether attackers are on the network, but how many there are, how long they have had access and how far they have gone[…]Teams need to raise awareness of this question and treat it as an unwritten expectation to realign their investments and where they need to perform, paying due attention to adversary alignment and re
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: