Prevention is just detection with an action at the end.

-Casey Smith (subTee)

In security operations, or any other harm-prevention discipline, speed matters a great deal. The faster you can find the bad thing, the better your chances of rolling over a proverbial speed bump instead of hitting a brick wall.

But speed can work against you: move too fast, and you run a very real risk of responding decisively to the wrong things. False positives are never ideal, but they become far worse when you take disruptive action on them.

A couple of concepts I'd take away from this article:

  • Time to Detect, noting the important relationship between prevention and detection: prevention only exists where there is highly accurate and fast detection.
  • Time to Verdict, which is a great way to think about triage: The goal isn’t to triage faster, it’s to triage as fast as you can make good decisions.
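To make the two metrics concrete, here is an added example (mine, not from the article or from Casey Smith) that computes Time to Detect and Time to Verdict over a handful of constructed alert records and then applies the "prevention is detection with an action" rule: a disruptive action is taken automatically only when the verdict clears a confidence threshold. The `confidence` field, the alert records and the threshold values are assumptions made for the illustration; lowering the threshold buys speed and, on this data, one disruptive action against a false positive.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean


@dataclass(frozen=True)
class Alert:
    """One alert's timeline. Field values used below are constructed for this example."""
    name: str
    first_seen: datetime    # when the suspicious activity actually began
    detected: datetime      # when the detection fired
    verdict_at: datetime    # when a verdict (automated or analyst) was reached
    verdict: str            # "malicious", "benign" or "unknown"
    confidence: float       # 0.0-1.0, how sure the verdict source is (assumed field)
    truly_malicious: bool   # ground truth, known only in hindsight


def time_to_detect(a: Alert) -> timedelta:
    return a.detected - a.first_seen


def time_to_verdict(a: Alert) -> timedelta:
    return a.verdict_at - a.detected


def decide_action(a: Alert, min_confidence: float) -> str:
    """Prevention is detection plus an action: only a confident verdict earns an automatic one."""
    if a.confidence >= min_confidence:
        if a.verdict == "malicious":
            return "contain"   # disruptive: isolate host, disable account, etc.
        if a.verdict == "benign":
            return "close"
    return "escalate"          # not sure enough to act: hand it to an analyst


def summarize(alerts, min_confidence: float) -> dict:
    """Mean TTD/TTV in seconds, plus how many disruptive actions landed on false positives."""
    ttd = [time_to_detect(a).total_seconds() for a in alerts]
    ttv = [time_to_verdict(a).total_seconds() for a in alerts]
    bad_actions = sum(
        1 for a in alerts
        if decide_action(a, min_confidence) == "contain" and not a.truly_malicious
    )
    return {
        "mean_ttd_s": mean(ttd),
        "mean_ttv_s": mean(ttv),
        "disruptive_false_positives": bad_actions,
    }


def _t(hh: int, mm: int) -> datetime:
    return datetime(2024, 1, 15, hh, mm)


# Constructed sample alerts (not real incident data).
SAMPLE_ALERTS = [
    Alert("phish-macro", _t(9, 0), _t(9, 2), _t(9, 5), "malicious", 0.95, True),
    Alert("admin-psexec", _t(9, 59), _t(10, 0), _t(10, 1), "malicious", 0.60, False),
    Alert("sched-task", _t(11, 0), _t(11, 10), _t(11, 12), "benign", 0.97, False),
    Alert("odd-dns", _t(12, 0), _t(12, 1), _t(12, 30), "unknown", 0.30, True),
]

if __name__ == "__main__":
    for threshold in (0.9, 0.5):
        print(threshold, summarize(SAMPLE_ALERTS, threshold))
```

With the 0.9 threshold the low-confidence "admin-psexec" alert is escalated to a human rather than contained; drop the threshold to 0.5 to act faster and that same alert, which turns out to be benign admin activity, gets a disruptive action. The mean Time to Verdict is unchanged by the threshold, which is the point: triage as fast as you can still make good decisions, not faster.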