Research from 1,200 Cybersecurity Professionals Shows Securing Endpoints as Top Concern and Challenges in Reducing Attack Dwell Times
April 2020 by Attivo Networks
Attivo Networks® announced the availability of a new research report, titled “Top Threat Detection Trends.” The research highlights the top threat management challenges of cybersecurity professionals around the globe and provides real-world insights on trend changes as compared to prior research conducted in 2018.
One of the most noteworthy findings in the latest study is that user networks and endpoints are the biggest concerns for 65% of respondents, an 11% increase from last year. The report attributes this shift to four primary factors: the evolution of an increasingly perimeter-less environment; the sheer number of successful endpoint attacks; the rising cost per endpoint breach; and difficulties associated with quickly detecting a compromised system before an attacker can move laterally.
The Attivo Networks research was conducted before the Coronavirus pandemic forced so many people to work from home. In the survey, remote workers ranked as the third highest attack surface of concern at 35%; however, we expect that in future research, a significant rise in concerns related to remote worker risk will emerge.
Key findings and insights found in this year’s report:
• In addition to user networks and endpoints, the report findings reveal that the cloud is a significant concern for 63% of respondents. The report attributes this finding to the continued migration of companies to IaaS and SaaS services and the concerns cybersecurity professionals have about securing these broad attack surfaces and shared security models.
• The challenge in reducing attacker dwell time remains significant. Nearly two-thirds (64%) of respondents indicated that 100 days of dwell time (the length of time from when an attacker enters a network to when the organization detects them) seemed accurate or was too low (up from 61% last year). The largest jump in responses, up 7% from last year – and an alarming trend – came from the 22% who stated that they were not tracking dwell time statistics at all. These findings highlight a continued need for more efficient tools to detect and track in-network threat activity and lateral movement.
• Organizations are increasingly adopting complementary security technologies. Respondents believe threat actors are most concerned about traffic analysis (44%), followed closely by deception technology and next-generation firewalls (both 40%), IDS (39%), SIEMs (37%), EDR/next-generation AV (27%), IAM (22%) and UEBA (15%). This shift is likely due to attackers becoming increasingly savvy at understanding the weaknesses of traditional security controls. Additionally, organizations are shifting their strategy by deploying new technologies like deception technology to close detection gaps and efficiently cover attack surfaces such as endpoint, cloud, and interconnected OT environments.
• Despite significant investments in prevention solutions, malware and ransomware continue to top the list of attacks that concern defenders, increasing 5% to 66% from last year. This result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks, and that organizations need different detection solutions and/or more layers of defense to halt these attacks.
• Three in four respondents are using some form of security framework, with the majority of respondents (45%) using the NIST Cybersecurity Framework, followed by the ISO 27000 family of standards (37%). Security professionals rely on these frameworks to clearly define the policies, procedures, and processes that reduce risk and exposure to vulnerabilities.
“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” said Carolyn Crandall, Chief Deception Officer at Attivo Networks. “Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”