Indeed, last year's Verizon Data Breach Investigations Report revealed that less than one percent of advanced threat attacks were successfully spotted by SIEM systems.
Yoran went on to share five key principles of a next-generation approach to security based on faster detection and a more effective response:
1) Stop believing that even advanced protections work - "No matter how high or smart the walls, focused adversaries will find ways over, under, around and through."
2) Adopt a deep and pervasive level of visibility, from the endpoint to the network to the cloud - "The single most common and catastrophic mistake made by security teams today is under-scoping an incident and rushing to clean up compromised systems before understanding the broader campaign. Without fully understanding the attack, you're not only failing to get the adversary out of your networks, you're teaching them which attacks you are aware of and which ones they need to use to bypass your monitoring efforts."
3) Effective identity management matters more than ever - "[This] boils down to three things: governance (understanding who should have access to what), access (controlling who has access to that information) and lifecycle (managing the evolution of that access over time). Identity must be managed past the gateway... At some point in every successful attack campaign, the abuse of identity is a stepping stone the attackers use to impose their will."
4) Organisations must leverage external threat intelligence - "The CISOs that give their security teams time to hunt around the environment to understand what normal looks like will quickly spot unusual traffic patterns. In the same way a neighbourhood police officer gets to know people, cars, comings and goings in a neighbourhood, the unusual will strike him immediately as odd - so can your analyst hunters, if they are given the time to do it."
5) Security programmes need to be guided by an understanding of risk - "You must understand what matters to your business and what is mission-critical. You have to focus on the important accounts, roles, data, systems, apps and devices - and defend what's important and defend it with everything you have."
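The hunting approach in principle 4, learning what normal looks like for each host and then flagging what deviates, can be shown concretely. The following is an added example written for this article, not code from Yoran, RSA or the conference; it runs over constructed flow records (hostnames, addresses, ports and byte counts are all invented), builds a per-host baseline of known peers and typical transfer sizes, and then reports new peers and volume outliers in a later window. The z-score threshold and the sigma floor are assumptions chosen for the sample, not a published rule.

```python
import csv
import io
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic): timestamp,src_host,dst_ip,dst_port,bytes
# Three quiet days that form the "normal" picture for each workstation.
BASELINE_CSV = """\
2015-04-13T09:01:00,ws-01,10.0.0.5,445,12000
2015-04-13T09:05:00,ws-01,10.0.0.7,443,5000
2015-04-13T10:15:00,ws-01,203.0.113.10,443,8000
2015-04-14T09:02:00,ws-01,10.0.0.5,445,11500
2015-04-14T09:06:00,ws-01,10.0.0.7,443,5500
2015-04-14T10:20:00,ws-01,203.0.113.10,443,7500
2015-04-15T09:00:00,ws-01,10.0.0.5,445,12500
2015-04-15T09:04:00,ws-01,10.0.0.7,443,4500
2015-04-15T10:10:00,ws-01,203.0.113.10,443,8500
2015-04-13T09:00:00,ws-02,10.0.0.5,445,9000
2015-04-14T09:00:00,ws-02,10.0.0.5,445,9500
2015-04-15T09:00:00,ws-02,10.0.0.5,445,8500
"""

# Constructed hunt window: one new off-hours peer on an unusual port, and one
# known peer receiving far more data than usual (both planted for the example).
HUNT_CSV = """\
2015-04-20T09:01:00,ws-01,10.0.0.5,445,12200
2015-04-20T09:05:00,ws-01,10.0.0.7,443,5100
2015-04-20T03:12:00,ws-01,198.51.100.23,4444,400
2015-04-20T03:40:00,ws-01,10.0.0.7,443,250000
2015-04-20T09:00:00,ws-02,10.0.0.5,445,9100
"""


def parse_flows(text):
    """Turn the CSV text into a list of flow dicts; dst is an (ip, port) tuple."""
    rows = csv.reader(io.StringIO(text))
    return [
        {"ts": r[0], "host": r[1], "dst": (r[2], int(r[3])), "nbytes": int(r[4])}
        for r in rows
    ]


def build_baseline(flows):
    """Per host, record every peer seen and the mean/stdev of bytes sent to it."""
    sizes_by_peer = defaultdict(list)
    for f in flows:
        sizes_by_peer[(f["host"], f["dst"])].append(f["nbytes"])
    baseline = {}
    for (host, dst), sizes in sizes_by_peer.items():
        baseline.setdefault(host, {})[dst] = (mean(sizes), pstdev(sizes))
    return baseline


def hunt(baseline, flows, z_threshold=3.0, min_sigma=500.0):
    """Return (timestamp, host, dst, reason) for each flow that deviates from baseline.

    min_sigma is an assumed floor so a peer with near-constant sizes in a short
    baseline does not flag every trivial change; z_threshold is likewise assumed.
    """
    findings = []
    for f in flows:
        host, dst = f["host"], f["dst"]
        if host not in baseline:
            findings.append((f["ts"], host, dst, "host never seen in baseline"))
            continue
        known = baseline[host]
        if dst not in known:
            findings.append((f["ts"], host, dst, "new peer/port for this host"))
            continue
        mu, sigma = known[dst]
        z = (f["nbytes"] - mu) / max(sigma, min_sigma)
        if z > z_threshold:
            findings.append(
                (f["ts"], host, dst,
                 f"volume {f['nbytes']}B is {z:.1f} sigma above baseline mean {mu:.0f}B")
            )
    return findings


if __name__ == "__main__":
    baseline = build_baseline(parse_flows(BASELINE_CSV))
    for ts, host, (ip, port), reason in hunt(baseline, parse_flows(HUNT_CSV)):
        print(f"{ts} {host} -> {ip}:{port}: {reason}")
```

Run as-is it reports two findings for ws-01: the never-before-seen peer on port 4444 at 03:12, and the 250 kB transfer to a known peer whose usual flows are around 5 kB. Neither line would trip a signature; both stand out only because the analyst first established what the host normally does, which is the point of the principle above. In practice the baseline window would be weeks of data keyed on more fields (time of day, protocol, user), but the shape of the check is the same.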
Yoran reminded the audience that technologies already exist for companies to move to a more effective approach to security focused on faster detection and response to security threats. This means that the issue does not lie with the technology - instead, it is a "mindset problem". The world has changed, and we must change too, he concluded.