How to
Jonathan Crowe
Jun 2016

Understanding Your 3 Core Cybersecurity Needs (& Which to Focus on First)

Photo by Source


Security can get complex in a hurry — to the point where it's easy to lose sight of the point of security in the first place.

(Image inspired by UserOnboard)


Jargon. Conflicting opinions. "It depends" answers. All the different solutions, competing priorities, and approaches. If you've had any exposure to the world of cybersecurity and came away thinking the whole thing is overly complicated, absolutely no one can blame you.

Even now, with the rise of ransomware and phishing putting cybersecurity on just about everyone's radar, the sense of urgency may be clear, but the actual steps you can take to solve these problems can seem as obscure as ever. 

As a result, it's easy to get discouraged and see security as a problem only experts and big budgets can solve. 

That's a mindset that desperately needs to change, because it can result in many companies a) putting off getting started with cybersecurity; and b) missing out on quick, critical wins that come from taking simple (but much-needed) first steps.

Your 3 Basic Cybersecurity Needs (Think of Them as Jobs to Be Done)

Despite all the apparent complexity, the truth is you can actually boil security down to three fundamental jobs you want to accomplish:

  • Job #1: You need to prevent attacks
  • Job #2: You need to detect attacks that are in progress or have already occured
  • Job #3: You need to be able to respond to and recover from attacks

Based on your current solutions and capabilities, you may be doing one or more of these jobs well, already. You may need help with one or all three.

Instead of feeling like you need to evaluate every single security solution under the sun, one way to make some initial headway and narrow down your focus is to consider this: 

When you buy a security product, you're "hiring" it to do at least one of three jobs: prevent attacks, detect attacks, and respond to attacks.  

To get a better sense of how different types of security solutions can be applied to each of these jobs, see the pyramid below: 


Click the image to expand


Goals of this job:

  • Keep malicious software off your systems
  • Avoid unauthorized access
  • Establish roadblocks to prevent an infection from spreading


Tools that can help you get the job done:

  • Firewalls
  • Whitelisting and blacklisting
  • Antivirus and anti-malware
  • Patch management
  • Security awareness training
  • Backup strategy



Goals of this job:

  • Know what's happening on your systems at all times
  • Get alerted to suspicious activity
  • Know who is accessing what and when


Tools that can help you get the job done:

  • Security information and event management (SIEM)
  • Intrusion/threat detection
  • Identity and access management (IAM)



Goals of this job:

  • Be better prepared to react to an attack
  • Get back to your pre-incident state
  • Understand what happened so you can avoid a repeat


Tools that can help you get the job done:

  • Incident response planning
  • Response and rollback
  • Forensics


Note: Start with prevention to get the most bang for your buck

Each of these three jobs — prevention, detection, and response — is important to running a well-rounded security program. But in terms of prioritizing, it's generally a good idea to focus on prevention (the foundational layer of the pyramid) first. 

Here are five reasons why:

  1. Prevention is proactive. Detection and response are both reactive. In security, an ounce of prevention is absolutely worth a pound of cure. Putting up preventative barriers is a far more cost effective than running around trying to put out fires and repair the damage after the fact. 
  2. There's a higher barrier to entry for detection and response solutions. They're typically more complex and often require a prohibitively high investment of time, money, and resources to manage. Detection and response tools are primarily geared toward large corporations with dedicated security teams who can analyze and translate a high volume of alerts into meaningful actions.
  3. Prevention tools make detection and response tools more effective. For example, the fewer infected endpoints you have to deal with, the less corrupted data that will flood an already overworked SIEM (read this post to learn how endpoint security can give other security products a boost).
  4. Prevention stops attackers from getting a foot in the door. No matter how sophisticated detection and response tools are, once an attacker has a foothold in a system, the reliability of those tools drops. If an attack yields stolen credentials, for example, there's now a way around identity and access management barriers.
  5. Detection and response comes into play after damage is already done. With the rise of ransomware, there's been a shift in cyber criminal priorities. Attackers aren't as interested in sneaking into a system and avoiding detection for a long period of time. It's more cost-effective for them to do a quick smash and grab, encrypting files in a matter of minutes or even seconds. That means detection and response efforts often come too late. 


Advice: Keep it simple when you're getting started


Security can be as complex as you make it. Yes, investing in layers of security (incorporating multiple, complimentary approaches and solutions) will always be preferable, but you should also be careful not to spread yourself too thin. Products and initiatives take time and resources to manage. You may see better results by narrowing your focus to getting a few specific things right.

As you're looking over the pyramid, keep in mind the goal isn't simply to accumulate tools, but to improve your ability to get your three core jobs done. 

Remember, your job isn't to collect security tools, it's to keep your company secure. Focus on the tools that make that job easier, not harder. 


Bonus: Figure out what you really want a security solution to do for you

To sum up, the best approach to evaluating security investments is to define what your own specific security needs and priorities are first. That means determining what it is you’re trying to avoid, what it is you’re trying to secure, what the current state of your coverage is, and identifying your gaps.

To get started, take a quick moment to fill out the worksheet below. It walks you through three critical questions to ask yourself that will naturally make you zero in on your organization’s top needs.

Click the image to expand the worksheet and/or download it as a PDF


If you liked this post or you're looking for more tips on finding the right security solutions, check out our new Endpoint Security Buyer's Guide. You can grab a free copy by clicking the "get your guide" button below. 

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.