The recent wave of high-profile breaches has brought new urgency to improving how data is stored and protected in the enterprise. But the renewed discussion over modernizing traditional security models overlooks one of the biggest emerging priorities for the transition.

Tracing malicious activity back to its origins is becoming an essential part of combating the increasingly sophisticated threats targeting organizations, IBM i2 National Security and Defense Intelligence lead Mitch Free said in a recent appearance on theCUBE. Forensic analysis is already at the top of the agenda in the public sector and is now coming to the commercial world as the old way of dealing with hacking loses relevance.

“Before it was simply about damage control and closing the hole. Then there would be some remediation after the fact to prevent that happening again,” Free told theCUBE hosts John Furrier and Dave Vellante. Now, however, “organizations are looking more at who’s doing the attacks and why they’re doing at the attacks” to gain an understanding of their modus operandi.

Since hackers frequently reuse code and techniques with little if any modification, identifying intruders can prove invaluable in reacting to their next moves. That knowledge is also useful for prioritizing breaches, he added, which is much more important than it may seem.

Theoretically, every incident should be handled with the same amount of attention and seriousness, but that’s almost never the case in practice. The typical corporate security team is stretched thin between sifting through false alarms and helping negligent employees clear malware from their devices, which often leads to months-long delays in the detection of major compromises.

That provides ample time for hackers to find their way through an organization’s internal defenses, steal sensitive data and cover up their tracks, a situation that can be avoided if an anomaly is quickly matched to a known attack pattern. According to Free, the key to accomplishing that is expanding the strategic focus beyond infrastructure to new data sources such as employee records and physical security systems.

The technology needed tap into that information is already there, but the organizational structures necessary to do so are still absent at many enterprises. Thankfully, however, that is changing as security starts drawing attention from the top. “The decision-makers are not only the IT people these days; it’s moving up to the board room,” Free said. “They’re looking at it and allocating funding to enforce security and see who’s attacking, so we’re starting to see that funding shift.”