Cyber Security Investments: Experts Discuss Detection vs. Prevention

by Nate Lord, Digital Guardian, September 26, 2016

Detection or prevention? 36 security pros and IT experts share their top recommendations for prioritizing security investments.

Enterprises are increasingly aware of the growing need to invest in sound security measures capable of securing valuable company data in the ever-evolving threat landscape. But in the face of budget constraints, some companies find themselves weighing the pros and cons of investing in threat detection versus prevention. Is it possible to achieve a robust security posture by investing in either detection or prevention alone? What should today’s enterprises prioritize in terms of security investments, and why? What’s the appropriate ratio of security spend that should be dedicated to prevention efforts and detection measures?

There are various angles to consider on this subject, but it is one of the most pressing questions facing enterprises today as companies seek to cut wasteful spending and reduce IT costs while improving their security posture.

To learn how today’s top IT and security pros view the choice between detection and prevention, and whether it’s possible to prioritize one over the other at all, we asked a panel of seasoned experts to answer this question:

“Should enterprises focus security investments on detection or prevention?”

Find out what some of today’s IT leaders have to say about prioritizing security investments below:

Alex Chaveriat – Alex is a senior Security Consultant with SystemExperts specializing in network and application security.

“When allocating budgets for security programs…”

Companies are often left with a simple yet difficult decision: how much of the security budget should be allocated for detection, and how much should be allocated for prevention?

The maturity of the security program is a good reflection of where the budget should be spent. In a security program’s infancy, prediction and prevention tend to produce results that drastically reduce risk quicker; however, as the program matures, detecting and responding to threats becomes more important.

Gartner predicts a major shift toward detecting and responding over the next few years. Sophisticated security testing programs and inclusive methodologies are creating maturity in established security programs. That maturity is allowing companies to deepen their understanding of what is going on within the company’s network, thus driving their security investment toward detection.

