While breaches make the news regularly, there are many enterprises that don't show up on the front page having to notify all of their customers that their information has been exposed. The successful security programs behind those companies, which keep their customers safe, don't always spend more on security, but they have invariably learned to balance their security resources across four goals: prevent more, detect faster, mitigate more accurately, and minimize damage.
Attackers will always find a way through defenses. While their initial network penetration takes a few minutes and is hard to detect, the attackers have to perform a series of actions once they are inside the network. This offers a window of opportunity for detection early in the attack life-cycle, giving enterprise defenders a chance to act quickly to forestall or minimize business impact. Doing this effectively takes a mix of mature security processes, analyst skill and "force multiplier" tools.
In our upcoming webinar, SANS Director John Pescatore and Head of Cybereason Labs Lotem Guy will discuss the attack lifecycle post-penetration and will offer an approach for successful detection.