BlackBerry Blog

The 'Detect & Respond' Myth

NEWS / 07.07.15 / Braden Russell

It seems like everyone lately has completely given up hope that it is possible to block malware, buying into the myth that defenders are better off placing all their bets on the “detect and respond” approach to security. We all know that by the time you’ve detected and responded, it’s too late! Once the malware runs, you can’t undo the impact just by knowing about it.

Using detect and respond as a security strategy is like leaving the doors to your home unlocked at night, hoping you can stop burglars by confronting them once they’ve already broken in and made their way to the bedroom. The thieves might be on their fifth visit to your house and have already cleaned out the entire first floor before venturing upstairs. But at least we stand a chance of catching them when they make it to the bedroom. If that was your alarm company’s strategy, you’d fire them.

And detect and respond is only the beginning of the whole story. It doesn’t end when you respond. Nope. That’s where the real fun starts. Think of the numerous incidents you’ve heard about in the news. Respond was just the start of the saga - many of us have free credit monitoring for life after all the incidents that have occurred lately.

There is, of course, a role for detect and respond in any security program, but only after most threats are blocked through an effective endpoint protection strategy. Once you’ve exhausted all possible avenues of protection, of true prevention, what’s left is a small percentage of threats for the detect and respond program to vet. The problem is that most endpoint security technologies are totally ineffective, overwhelming your responders by demanding that they deal with all the malware that hits your computers.

Instead of leaving all the doors unlocked and hoping to find the intruder before it is too late, focus on locking the doors. Get your hands on next-generation endpoint security technology that really works: CylancePROTECT. In demonstrations in some two dozen U.S. cities, PROTECT blocked more than 99 percent of all threats tested. The leading antivirus solutions stopped less than half of the same malware samples, which were downloaded from a variety of public and private malware feeds.

Secure your endpoints. Dropping your overall endpoint risk exposure to less than 1 percent with PROTECT will enable you to use detect and respond successfully. Once you’ve added PROTECT, you’ve locked the doors and added the guard dogs. Then you can layer in webcams, motion sensors and other safeguards to help you respond to the much smaller number of threats that execute.

As they say, an ounce of prevention is worth a pound of cure. Actually, the brilliant Ben Franklin said that, and were he alive today I think he’d say the same thing. Focus on prevention. Invest in protection.

About Braden Russell

Fellow Emeritus | Advisory Board Member at Cylance

Braden Russell is an Advisory Board Member at Cylance, and the President and Founder of cybersecurity firm Boldend.