How would you know if your prevention methods failed to catch a critical threat? One of two ways: Either a customer, an auditor, or another third party would find out about it (an embarrassing situation for you) or you could get lucky and find it yourself — which is rare without detection.
Prevention techniques and technologies (e.g., security controls, firewalls, encryption, antivirus) are designed to block an attacker from getting in, and can be critical to your security strategy. However, they can’t be the only defense you have in place. If history is any indicator (and we believe it is), attackers will find a way in. So, as a defender, you also need the ability to detect threats once they are inside your modern cloud infrastructure. That’s why companies are shifting their focus to detection techniques and technologies (e.g., monitoring, alerting).
In this post, we’ll explain what detection does that prevention cannot, what to watch out for if you’re relying on prevention alone, and how you can use prevention and detection in parallel.