
Threat Detection and Response

What is Threat Detection and Response?

In cybersecurity, threat detection and response (TDR) identifies and limits threats to an organization’s data and systems by analyzing data collected from sources across the organization. Once data is collected, response efforts mitigate threats by taking action: blocking traffic, isolating affected systems, and notifying the appropriate parties.

What is Threat Detection?

Threat detection is the first part of TDR, in which data is collected and analyzed for potential threats. Data can come from system logs, network traffic, and user behavior, among other sources, and can be used to identify current and future threats.

What is Threat Response?

After the data has been analyzed, threat response measures begin. Mitigating actions might include isolating infected systems, communicating issues with security teams, and blocking malicious traffic to prevent further infiltration.

How Does Threat Detection and Response Work?

TDR works by gathering data from system logs, network traffic, endpoint-generated events and alerts, and entity and user behavior to find potential threats to the organization. Constant monitoring and analysis are necessary for a business to be truly protected and to react quickly to risks and incidents.

Threat Detection and Response Challenges

Threat detection and response have become more challenging in recent years due to a number of factors, including the changing threat landscape and the resources available to address it.

  • Threat sophistication: Attacks are becoming more sophisticated as cybercriminals work to bypass common safeguards.
  • Resource issues: Many organizations lack the necessary resources to adequately defend against incoming threats. It can be difficult for businesses to have the staffing needed to implement and manage TDR efforts.
  • IT complexity: The IT environment is becoming more complex. Organizations that have hybrid or multicloud environments may find it even more difficult to manage TDR solutions.
  • Human error: A more complex landscape and more sophisticated attackers make human error a more common vector for attack. Employees clicking on malicious links or being inadequately trained to protect against cyber threats can pose a significant risk to your organization.

Types of Threats Associated with TDR

Threats that can be addressed with TDR include common and advanced persistent threats.

Common Threats

Malware, ransomware, phishing, and distributed denial of service (DDoS) attacks are all common threats you may be able to identify with threat detection and response tools. Most of these threats come from outside actors, and ransomware has become one of the most frequent and costly threats.

Advanced Persistent Threats

In advanced persistent threats, attackers establish a foothold to gain long-term access to a system. One of the common threats may serve as the way in, but that initial action is only a step toward bigger goals.


While common threats like ransomware include an announcement of the attack, many advanced persistent threats involve attempts to remain undetected for long periods of time. Outside of stealth, advanced persistent threats are set apart from common threats by being more targeted, being sponsored by nation-states, and having more specific end goals in mind.

Methods of Threat Detection

Threats are detected using four major methods: machine learning-based, anomaly-based, behavioral-based, and signature-based.

  • Machine learning: With machine learning, models can be trained on historical data to identify new threats in a highly sophisticated manner. It is one of the most effective threat detection methods available.
  • Anomaly: Anomaly-based detection establishes a baseline of normal data patterns and flags anything that falls outside the norm. It works similarly to machine learning-based threat detection but is less sophisticated.
  • Behavior: Behavioral-based threat detection examines user behavior and flags anything that looks like suspicious activity. This can be a strong method of threat detection; however, it can also produce false positives, and configuration and maintenance can be trickier.
  • Signature: The most common form of threat detection is signature-based threat detection, where specific threats are identified by their unique patterns. This is a good method for known threats but is weak at finding new or emerging threats.
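As an added illustration (not part of the TierPoint glossary), here is a small Python script that runs a signature-based check and an anomaly-based check over a constructed set of access-log lines; the log format, the IP addresses, the indicator patterns, and the use of a median/MAD outlier rule as the anomaly baseline are all assumptions made for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample access-log lines (hypothetical, not from the page), in the
# form "<source ip> <method> <path> <status>": one known SQL-injection probe,
# plus one host requesting many pages that do not exist.
SAMPLE_LOGS = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.7 GET /login 200",
    "10.0.0.7 POST /login 302",
    "10.0.0.8 GET /index.html 200",
    "10.0.0.9 GET /search?q=1' OR '1'='1 500",
] + [f"10.0.0.42 GET /page{i}.html 404" for i in range(40)]

# Signature-based: regexes for known attack patterns. Precise for what it
# knows, blind to anything that does not match.
SIGNATURES = {
    "sql-injection": re.compile(r"'\s+OR\s+'", re.IGNORECASE),
    "path-traversal": re.compile(r"(?:\.\./){2,}"),
}

def signature_detect(lines):
    """Return (signature name, line) for every line matching a known pattern."""
    hits = []
    for line in lines:
        for name, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits

def anomaly_detect(lines, cutoff=3.5):
    """Flag source IPs whose request volume is an outlier against the other IPs.

    Uses the median and median absolute deviation (MAD) instead of mean and
    standard deviation, so one noisy host cannot inflate the baseline it is
    measured against. Returns {ip: count} for hosts above the cutoff.
    """
    counts = Counter(line.split()[0] for line in lines)
    values = list(counts.values())
    median = statistics.median(values)
    mad = statistics.median(abs(v - median) for v in values)
    flagged = {}
    for ip, n in counts.items():
        if mad == 0:
            # Every host behaves identically; anything different is the anomaly.
            score = float("inf") if n != median else 0.0
        else:
            score = 0.6745 * (n - median) / mad  # modified z-score
        if score > cutoff:
            flagged[ip] = n
    return flagged
```

The signature check finds only the known injection pattern and says nothing about the scanning host, while the anomaly check flags the scanning host without recognizing the single injection request: each method covers what the other misses.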

How TierPoint Can Help With Threat Detection and Response

Threat detection and response is a 24/7 job, but most businesses lack the staffing resources or in-house expertise to accomplish this. Working with an outsourced team can help you augment your existing cybersecurity team and help you better prepare for emerging and increasingly complicated threats.
