In his talk last week at the 2014 Gartner Security and Risk Management Summit, Gartner analyst Neil MacDonald said that against targeted attacks, traditional technologies such as firewalls, intrusion detection and prevention systems (IDS/IPS) and anti-malware tools fail to detect the intrusion. These tools match traffic and files against signatures of known threats, so an attack that nobody has seen before, and that therefore has no signature, passes through them unnoticed.
Drawing on Gartner's security infrastructure model, MacDonald pointed out that companies are struggling to acquire the right tools for fast detection and investigation of incidents. He recommends that enterprises reduce their spending on anti-malware, IPS and encryption and shift that budget to detection and response.
MacDonald said that the need to detect advanced, targeted attacks and respond to them quickly has led many enterprises to adopt a new class of security products. Rather than matching known-bad signatures, these products learn what "good" data or traffic looks like for a given environment and flag meaningful deviations from it, using techniques such as baselining, anomaly detection and predictive failure analysis.
Rapid7's UserInsight is a direct answer to Gartner's call: an automated detection system for compromised credentials and user-based attacks. It gathers behavioral information from many systems, correlates it into a picture of each user's normal activity, and flags anomalies that are indicators of compromise.
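To make the baselining and anomaly-detection approach from the two paragraphs above concrete, here is a small worked example. It is added for this page and is not UserInsight code or any other Rapid7 implementation: the log format, field names, users, hosts and the thresholds (one hour of tolerance around observed logon hours, three distinct hosts within ten minutes) are all assumptions, and the log lines are constructed. It learns each user's normal logon hours and hosts from a baseline period, then scores a later period for off-hours logons, first-time logons to a host, and a burst of distinct hosts in a short window, the kind of deviation that a signature-based tool has nothing to match against.

```python
"""Per-user behavioural baselining over authentication events.

Added illustration, not Rapid7 code. The log format (ISO timestamp,
user=..., host=...), the users and hosts, and the thresholds are
assumptions made for this example; the log lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed baseline period: one normal week of logons for two users.
BASELINE_LOG = """\
2014-06-02T08:55:10 user=alice host=ws-alice-01
2014-06-02T09:10:41 user=alice host=fileshare-01
2014-06-03T08:48:02 user=alice host=ws-alice-01
2014-06-03T14:20:33 user=alice host=fileshare-01
2014-06-04T09:02:17 user=alice host=ws-alice-01
2014-06-05T08:59:55 user=alice host=ws-alice-01
2014-06-05T17:30:09 user=alice host=fileshare-01
2014-06-02T07:30:00 user=bob host=ws-bob-01
2014-06-03T07:35:12 user=bob host=ws-bob-01
2014-06-04T07:28:44 user=bob host=ws-bob-01
"""

# Constructed detection period: alice's credentials are used at 02:00
# to reach several servers she has never logged on to; bob is normal.
DETECT_LOG = """\
2014-06-09T09:01:00 user=alice host=ws-alice-01
2014-06-09T02:14:07 user=alice host=ws-alice-01
2014-06-09T02:15:30 user=alice host=dc-01
2014-06-09T02:16:02 user=alice host=hr-db-01
2014-06-09T02:16:45 user=alice host=finance-app-01
2014-06-09T07:31:20 user=bob host=ws-bob-01
"""


def parse_events(text):
    """Parse '<timestamp> user=<u> host=<h>' lines into sorted (ts, user, host) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%S")
        events.append((ts, kv["user"], kv["host"]))
    return sorted(events)


def build_baseline(events):
    """Learn, per user, the hours of day and the hosts seen during the baseline period."""
    baseline = defaultdict(lambda: {"hours": set(), "hosts": set()})
    for ts, user, host in events:
        baseline[user]["hours"].add(ts.hour)
        baseline[user]["hosts"].add(host)
    return baseline


def detect_anomalies(events, baseline, window=timedelta(minutes=10), fanout=3):
    """Return (ts, user, reason) alerts for events that deviate from the baseline."""
    alerts = []
    recent = defaultdict(list)  # user -> [(ts, host)] seen within the window
    for ts, user, host in events:
        profile = baseline.get(user)
        if profile is None:
            alerts.append((ts, user, "no baseline for user"))
            continue
        # Off-hours: allow one hour of tolerance either side of observed hours.
        normal_hours = {(h + d) % 24 for h in profile["hours"] for d in (-1, 0, 1)}
        if ts.hour not in normal_hours:
            alerts.append((ts, user, f"off-hours logon at {ts.hour:02d}:00"))
        # New asset: a host this user was never seen on during the baseline.
        if host not in profile["hosts"]:
            alerts.append((ts, user, f"first logon to {host}"))
        # Fan-out: many distinct hosts in a short window, typical of credential
        # misuse. Each event adds at most one host, so '==' fires exactly once
        # when the threshold is crossed.
        recent[user] = [(t, h) for t, h in recent[user] if ts - t <= window]
        recent[user].append((ts, host))
        if len({h for _, h in recent[user]}) == fanout:
            alerts.append((ts, user, f"{fanout} distinct hosts within {window}"))
    return alerts


def run_demo():
    """Build the baseline from BASELINE_LOG and score DETECT_LOG against it."""
    baseline = build_baseline(parse_events(BASELINE_LOG))
    return detect_anomalies(parse_events(DETECT_LOG), baseline)


if __name__ == "__main__":
    for ts, user, reason in run_demo():
        print(f"{ts.isoformat()} {user}: {reason}")
```

Run as a script, the demo produces eight alerts, all for alice: four off-hours logons, three first logons to servers outside her baseline, and one fan-out alert when the third distinct host is reached within ten minutes. Bob's 07:31 logon to his own workstation produces nothing, which is the point of the approach: the same event is normal for one user and anomalous for another, and no signature could encode that.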
Rapid7 also covers the prediction and prevention side: Nexpose and Metasploit assess IT environments for security weaknesses, and ControlsInsight guides security teams through hardening their systems.