10/28/2015
03:00 PM
Dark Reading
Products and Releases

Half of IT Security Pros Believe They’re an Unlikely Target for Attack, Finds Ponemon Institute Study

61 Percent of IT Security Pros Lack Confidence in Their Ability to Detect Advanced Threats

Framingham, Mass., – October 28, 2015 – An independent study published today by The Ponemon Institute titled, “Advanced Threat Detection with Machine-Generated Intelligence,” found that half of IT security practitioners in the U.S. view their organization as an unlikely target for attack. This largely positive outlook could be contributing to a lack of cyber-preparedness as 61 percent of respondents admitted a lack of confidence in their organization’s ability to detect advanced threats.

The full report delves into these and other findings from a survey of 614 IT security practitioners in the U.S. who are familiar with threat detection technologies deployed by their organization and are involved in advanced threat detection activities. The research was sponsored by Prelert, the leading provider of behavioral analytics for IT security and operations teams.

“This research reveals some major disconnects that IT professionals seem to have between perception and reality. While even circumstantial evidence points to the increasing volume and severity of cyberthreats, it’s shocking to learn that half of security pros don’t even view themselves as a target,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “We’re also seeing discrepancies in the way teams are viewing and reacting to advanced persistent threats. Overall, they’re not confident in their ability to detect advanced threats, but they’re not doing much about it. It’s clear that new solutions are needed.”

The Reaction and Inaction to Advanced Persistent Threats

When asked what type of cyberattacks cause the greatest concern, the most common answer by far was advanced persistent threats (67 percent), followed by zero-day attacks (57 percent) and login attacks (37 percent).

Despite this high level of concern and a lack of confidence in their ability to detect advanced threats, respondents expressed a surprising disconnect in their urgency to make changes that would address these issues. When asked how their use of advanced threat detection technologies would change 12 months from now, 49 percent said their usage would either not change (43 percent) or decrease (6 percent).

“These results show that organizations are moving slowly to adopt security analytics technology as part of their advanced threat detection programs,” said Mark Jaffe, CEO of Prelert. “Most established security vendors have been slow to embrace analytics as part of their advanced threat detection offerings, which might lead some to assume that the technology is immature. However the reality is quite opposite – Prelert has been deploying its machine learning behavioral analytics capabilities to customers for three years, and has recently introduced Advanced Threat Insights, a second-generation analytics capability. Much like how voice recognition technology has advanced rapidly in the past few years, so has machine-learning based security analytics technology. Organizations should be adding this effective capability to their advanced threat detection programs sooner rather than later.”

Security Analytics Provides Essential Value

While only 36 percent of respondents are using security analytics, a vast majority see the impact:

· 90 percent believe security analytics is either essential (19 percent), very important (45 percent) or important (26 percent) to their organization’s ability to maintain strong security.

· Security analytics helps improve the speed at which indicators of compromise are detected. While studies consistently show that data breaches can persist for months before being detected, respondents say their company receives intelligence within seconds (6 percent), minutes (11 percent) or hours (34 percent) once security analytics has detected an anomaly.

The Importance of Machine Learning Behavioral Analytics

Respondents shared insight into their perception and usage of machine intelligence:

· 83 percent believe machine learning is important to achieving a strong cybersecurity posture.

· A core competency of machine learning behavioral analytics – “baselining” normal behavior – is viewed as important, but is underutilized. Fifty-nine percent of respondents believe spotting the difference between abnormal and normal behavior is important to identifying suspicious artifacts that could verify potential intrusions. However, only 38 percent say their IT security team can do so.

· The main reasons for investing in machine-generated solutions are to speed up the detection of anomalies (65 percent of respondents), increase the speed of intelligence generation (55 percent of respondents), improve the accuracy of intelligence (50 percent of respondents) and reduce the severity of attacks experienced (49 percent of respondents).

· To assess the value of machine-generated intelligence, companies are most likely to measure both the increased ability to respond quickly to an existing cyberattack and whether they could successfully prevent the exfiltration of confidential information.

The full findings of this report will be presented in a live interactive webinar on November 11 at 1pm Eastern by Dr. Ponemon and Mike Paquette, VP of Products, Prelert. To register, please visit http://info.prelert.com/advanced-threat-detection-with-machine-generated-intelligence.

In addition, a copy of the Ponemon Institute report can be downloaded at http://info.prelert.com/advanced-threat-detection-research-report.

About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

About Prelert

Prelert is the leading provider of behavioral analytics for IT security and operations teams. The company’s solution analyzes an organization’s log data, finds anomalies, links them together and lets the data tell the story behind advanced security threats and IT performance problems. Leveraging machine learning anomaly detection and other behavioral analytics capabilities, the solution automates the analysis of massive data sets, eliminating manual effort and human error. Hundreds of progressive IT organizations rely on Prelert to detect advanced threat activity, reduce false positive alerts and enable faster root cause analysis. Prelert lets your data tell the story. Please visit www.prelert.com or follow @Prelert to learn more.