Attacks/Breaches

4/11/2018
11:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CISO Conundrum: Multiple Solutions Harden Posture but Create Alert Fatigue

BUCHAREST, Romania/SANTA CLARA, Calif., April 11, 2018 – Bitdefender, a leading global cybersecurity technology company protecting 500 million users worldwide, today announced the results of its latest survey, showing that more than half of CISOs worldwide (61 percent US) are worried about a global skills shortage. Sixty-nine percent of respondents around the globe also reported that their team is under resourced, with more than half of respondents in all markets but Italy reporting that their IT security team is too small. Seventy-two percent of information security professionals admitted that their IT team experienced agent and alert fatigue, and 34 percent of US respondents said their budget could not accommodate infrastructure expansion.

The Bitdefender survey explores CISOs’ needs in the prevention-detection-response-investigation era and reveals how the lack of visibility, speed, and personnel affects the development of stronger security practices in companies with both over-burdened and under-resourced IT teams. The survey polled 1,050 people responsible for purchasing IT security within companies in the US and Europe.

Half of the CISOs surveyed worldwide admitted their company was breached in the past year, but one sixth of those respondents don’t know how the breach occurred. Fifty-five percent of US respondents had experienced an advanced attack or malware outbreak. One quarter of all respondents expect this issue to continue, and think their company is likely to face an ongoing security breach without them knowing it. Using existing security tools, US CISOs believe 61 percent of advanced attacks can be prevented, detected, and isolated, but anticipate it would take four weeks to detect any such attack—the highest average amount of time of any market surveyed.

With the global cost of cybersecurity breaches expected to reach $6 trillion by 2021, analysts have seen companies’ security spending start migrating from prevention-only approaches to focus more on detection and response. Gartner expects that spending on enhancing endpoint detection and response (EDR) capabilities will become a key priority for security buyers through 2020.

Better tools needed for rapid detection and response

CISOs agree that prevention is faulty, but investigation is a burden. EDR capabilities can provide improved detection and response approaches to prolific security incidents, and using automation can help to address the global shortage of cybersecurity professionals. Specifically, EDR tools best fit resource-strapped businesses with lean IT teams that operate without a Security Operation Center (SOC). However, half of IT executives worldwide said that managing EDR tools is difficult or very difficult. In both the US and UK, 49 percent of all endpoint alerts triggered by monitoring and response techniques turned out to be false alarms. Sixty-four percent of Americans in companies with no SOC said monitoring activities are one of their toughest challenges. Spotting an ongoing breach also means fighting alert fatigue caused by noisy traditional security solutions. It’s a race against time when filtering security alerts, which can be especially difficult if the organization is understaffed and overburdened. Forty-three percent of US respondents, and one third of respondents across all markets, said that lack of proper security tools is the main obstacle that prevents rapid detection and response during a cyberattack.

Time is of the Essence

On average, 82 percent of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks. CISOs attest that time is of the essence when isolating the incident to prevent spreading (68 percent), identifying how the breach occurs (55 percent), and evaluating losses and the impact of the breach (51 percent). CISOs agree that delayed response to a cyber incident can also make it harder to accurately identify the initial time of attack and assess the timeframe (30 percent), understand the motivation for the cyberattack (19 percent), or improve the incident response plan for future attempts (17 percent).

 “Today’s resource- and skill-constrained IT security teams need an endpoint detection and response (EDR) approach that allows for less human intervention and a higher level of fidelity in incident investigations,”Bitdefender’s VP of Enterprise Solutions Harish Agastya said. “EDR for everyone can be achieved through a funnel-based approach of prevention-detection-investigation-response, leaving the EDR layer to focus on threats further down the funnel in the unknown or potential threat category, and IT teams to focus solely on the alerts and tasks that are truly significant.”

Bitdefender security specialists strongly advise enterprise CISOs consider: the importance and value of an integrated prevent-detect-investigate-respond-evolve approach to endpoint security.

  • Prevent: block all known bad and a high percentage of unknown bad at pre-execution layer itself, without saturating the EDR analytics engine with unnecessary incident alerts
  • Detect: supported by built-in intelligence from threat protection engines and analysis of a stream of behavioral events from an endpoint event recorder
  • Investigate: aided by contextually relevant information on the class of threat that is detected (via the built-in intelligence), the reason of detection (via threat analytics), and ultimate verdict (via an integrated sandbox).
  • Respond: via a single pane of glass incident response interface that enables tactical remedial actions immediately and widely across the enterprise.
  • Evolve: enables the feedback loop from current detection to future prevention via in-place policy tuning and fortification.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.