Paid Content

Today’s network protection imperative

As cyberattacks increase in frequency—and threat level—speedy, automated detection and response can help companies stay secure.

In 2020, as businesses, schools, and governments scrambled to adjust to operating remotely, threat actors were busy taking advantage of their vulnerable networks. And many organizations didn’t have the appropriate controls and safeguards, nor the IT hygiene practices, in place to prevent, detect, and respond to security issues before they became major breaches. Industry research shows that 86% of organizations suffered a cyberattack last year, up from 71% in 2015, and ransomware attacks increased by 150%.

This alarming influx of cybercrime has increased the need for security technologies and services that can provide holistic monitoring of network users, systems, and applications.

“There was a mad dash for solutions as companies had to pivot their entire business, which potentially weakened their cybersecurity posture,” says James Carder, chief security officer at LogRhythm, whose NextGen Security Information and Event Management (SIEM) platform helps companies protect their networks by monitoring and analyzing real-time data to detect and respond to threats.

“I look at SIEM as a vast and sprawling landscape, as there is a focus not just on detecting threats but also compliance and operational risk,” Carder says. LogRhythm increased its arsenal of solutions by acquiring MistNet and its cloud-based analytics platform in January 2021. MistNet enhances the broad-based network monitoring of LogRhythm’s solutions through the addition of its network detection and response (NDR) system. This platform offers deep network visibility and behavior analysis capabilities to better detect threats before they can do damage. This combination of solutions, along with SOAR (security orchestration, automation, and response) and UEBA (user and entity behavior analysis) technologies, has helped LogRhythm focus more on in-depth threat detection.

“We pivoted fairly quickly into XDR (extended detection and response, a burgeoning field of cybersecurity),” Carder says. “XDR basically means that a product or platform is solely and hyper focused on threat detection and response.”

That focus can be crucial in limiting the damage of cyberattacks by addressing them quickly. When bad actors gain access to a target’s networks, a median of 24 days passes before they are detected. That’s down from 101 days in 2017—but it’s still dangerously long. In the case of ransomware, for example, the costs of a breach can be sudden and steep. But when detection occurs within a week, the impact on the business is reduced by 77%. If it’s detected within a day, the business impact is cut by 96%, according to research firm Aberdeen Group.

Faster detection and response times don’t just keep networks safer. They also have an important fringe benefit for corporate boards and C-suites—making it simpler to measure the effectiveness of security programs. Until recently, cybersecurity has typically been seen as a cost center within a business. “Historically, it’s been hard to gauge return on investment (ROI) on cybersecurity, but it’s critical to ensuring the health of and contributions to the bottom line of the business. Companies are beginning to ask, ‘How does security enable the business? Is it actually helping to generate revenue or reduce costs?’” Carder says.

Deploying a security solution that detects and responds to threats quickly can help companies avoid these cleanup and recovery costs, which can weigh on profits. Many companies already measure the mean time to detect (MTTD) and mean time to respond (MTTR) to threats. LogRhythm offers further metrics that drill down into all stages of incident detection and response, and the investigative process, to understand how to further reduce MTTD and MTTR.

And with the average cost of a data breach as much as $3.86 million, the potential savings from this early detection and response can make or break a company’s bottom line. “When you think about operational efficiencies, reducing personnel costs or freeing up people to do other things, all that gets calculated into ROI,” Carder says. “Having the machine or the platform do a lot of the work for you, as it relates to incident detection and response, will make the lives of your analysts easier and less stressful, can free them up to work on other important cybersecurity initiatives, and ultimately makes your cybersecurity program better and significantly reduces your risk of experiencing a costly breach.”