Detection and response to threats is a particularly vital aspect of cyber security for organisations that depend upon cloud infrastructure, so how can IT security analysts increase their ability to recognise network intruders and other adversaries, in order to respond effectively and prevent the damage caused by a devastating attack such as the SolarWinds hacks of 2020?

Splunk has recently released ‘The State of Security 2021’, which surveyed over 500 security leaders across nine leading economies in February 2021. Splunk Vice President APAC, Simon Davies, says current trends in cyber security detection and response include the following five:

Cloud complexity: The increasing scale and scope of cyber attacks are crossing hybrid infrastructure and there is insufficient protection across the supply chain. With more organisations adopting a cloud-first strategy, it is imperative that they have cloud friendly controls that are agnostic in terms of the architecture and the cloud service providers.

Half of the respondents to ‘The State of Security 2021’ report cited maintaining consistent policies and enforcement of them across different data centres and in the cloud as a major issue, while 42 percent had concerns about the cost and complexity of using multiple security controls. Transient workloads combined with new software development and heterogeneous public cloud usage look to be the most pressing great security challenge. “There needs to be more investment,” says Davies, “but it’s a question of the appetite for risk from boards and the money they can actually spend.”

Data analysis and consolidation: Data is the most valuable asset when it comes to detection and response,” says Davies. But the vital thing is to consolidate it. If organisations have multiple security systems that are not talking to each other, detection of vulnerabilities is made that much harder. Again, there may be an investment challenge here, but the presence of a focused data platform – a nerve centre inside the organisation – not only provides consolidation across the security and IT fields, but also business analytics, by integration with the organisation’s CRM system, for example.

Skill sets: Perhaps one of the most surprising trends, says Davies, revolves around identifying new sources of staff. “We’re doing a lot of work with universities and organisations around repurposing, as an example, veterans, who have a high ability to deal with risk and stress.” So how can they be educated and put back in the workforce with the appropriate cyber skills? Already suffering a skills shortage, organisations have been put under even more pressure by COVID-related closed borders, so reskilling may be one answer.

Protection of perimeter and remote working: Threat detection has ramped up considerably due to the increasing intensity of cyber attacks, but also the ramifications of remote working and organisations having less direct control over their workforces. With a percentage of the threats coming from inside their own teams, organisations are utilising behavioural analytics, to better understand each employee’s behaviour, what the norm is and, accordingly, when that behaviour is abnormal and suspicious.

End to end visibility: Above all, organisations like Splunk are seeing a hugely increased appetite for total transparency. A service is made of multiple aspects – applications, network, routers, storage, databases – and when the organisation is given end to end visibility of this service, they can see which of their tools are working and where any weak points in the security posture or supply chain are. They are also able to understand and manage their customers’ experience. And that, for any organisation, is always the sweet spot.