Upon reading my previous post, a few of you have wisely pointed out: … but detection of WHAT? How can you talk about the best starter tool for threat detection without any concept of the subject of said detection?
OK, fine! 🙂 I made assumptions, and you know what they say about people who “ass-u-me.” Specifically, I assumed the detection of commodity threats that plague everybody (not unique and targeted ones): all this ransomware and “cryptominingware” stuff, other popular malware, popular web hacking, phishing, popular DDoS and other popular intrusions (POS hacks if you have POS, etc.). Note that the context for this discussion is organizations that have barely evolved from the “security = firewalls + anti-virus + SSL” stance!
While everybody tosses the term APT around (do they still?), along with “nation-state” and “advanced,” let’s do the opposite: what threats do you consider to be BASIC and COMMODITY? What threats should nobody ignore? What are today’s non-advanced threats?
- Commodity malware including ransomware
- Basic web hacking (if you have web presence)
- Credential theft/abuse
- Basic volumetric DDoS
(Note that the above list is not taxonomically pure, since it mixes up attack methods, threats and incident types, but perhaps this is OK for the audience of this effort.)
Still too hard for the audience in question?
Blog posts related to this project:
- The Best Starting Technology for Detection?
- Back to Basics: Indispensable Security Processes for Detection and Response
- New Research: Starting Your Detection and Response Capability