If there’s been any lesson learned in the past decade, it’s that despite tens of billions having been spent on anti-malware, firewalls, intrusion-detection and prevention systems, and other defensive technologies, it’s just not realistic for enterprise security teams to expect to stop every attack. Yet, surprisingly, enterprises focus their efforts and their budgets as if they can do precisely that.

Martin Roesch, founder and CTO of Sourcefire (recently acquired by Cisco), says a recent analysis by the IT security firm found that enterprises currently often spend as little as 10% on incident response and about 30% on detection; the rest goes to prevention. While preventing attack attempts from becoming breaches is the ideal, there needs to be more of a focus on an organization’s ability to identify breaches — especially advanced malware — while an attack is underway. The ability to spot malware in progress is a crucial part of maintaining the operational integrity of one’s environment, says Roesch.

To quickly identify breaches in progress, more enterprises are turning to breach detection systems, which purport to pick up where intrusion detection systems and anti-malware software often fail, spotting malicious files and malware while a successful attack is underway. That ability to detect changes in the environment is crucial if organizations are going to get better at combating advanced threats, added Roesch.