Vulnerabilities / Threats
10/28/2015
03:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Half of IT Security Pros Believe Theyre an Unlikely Target for Attack, Finds Ponemon Institute Study

61 Percent of IT Security Pros Lack Confidence in Their Ability to Detect Advanced Threats

Framingham, Mass., – October 28, 2015 – An independent study published today by The Ponemon Institute titled, “Advanced Threat Detection with Machine-Generated Intelligence,” found that half of IT security practitioners in the U.S. view their organization as an unlikely target for attack. This largely positive outlook could be contributing to a lack of cyber-preparedness as 61 percent of respondents admitted a lack of confidence in their organization’s ability to detect advanced threats.

The full report delves into these and other findings from a survey of 614 IT security practitioners in the U.S. who are familiar with threat detection technologies deployed by their organization and are involved in advanced threat detection activities. The research was sponsored by Prelert, the leading provider of behavioral analytics for IT security and operations teams.

“This research reveals some major disconnects that IT professionals seem to have between perception and reality. While even circumstantial evidence points to the increasing volume and severity of cyberthreats, it’s shocking to learn that half of security pros don’t even view themselves as a target,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “We’re also seeing discrepancies in the way teams are viewing and reacting to advanced persistent threats. Overall, they’re not confident in their ability to detect advanced threats, but they’re not doing much about it. It’s clear that new solutions are needed.”

The Reaction and Inaction to Advanced Persistent Treats

When asked what type of cyberattacks cause the greatest concern, the most common answer by far was advanced persistent threats (67 percent), followed by zero-day attacks (57 percent) and login attacks (37 percent).

Despite this high level of concern and a lack of confidence in their ability to detect advanced threats, respondents expressed a surprising disconnect in their urgency to make changes that would address these issues. When asked how their use of advanced threat detection technologies would change 12 months from now, 49 percent said their usage would either not change (43 percent) or decrease (6 percent).

“These results show that organizations are moving slowly to adopt security analytics technology as part of their advanced threat detection programs,” said Mark Jaffe, CEO of Prelert. “Most established security vendors have been slow to embrace analytics as part of their advanced threat detection offerings, which might lead some to assume that the technology is immature. However the reality is quite opposite – Prelert has been deploying its machine learning behavioral analytics capabilities to customers for three years, and has recently introduced Advanced Threat Insights, a second-generation analytics capability. Much like how voice recognition technology has advanced rapidly in the past few years, so has machine-learning based security analytics technology. Organizations should be adding this effective capability to their advanced threat detection programs sooner rather than later.”

Security Analytics Provides Essential Value

While only 36 percent of respondents are using security analytics, a vast majority see the impact:

·         90 percent believe security analytics is either essential (19 percent), very important (45 percent) or important (26 percent) to their organization’s ability to maintain strong security.

·         Security analytics helps improve the speed at which indicators of compromise are detected. While studies consistently show that data breaches can persist for months before being detected, respondents say their company receives intelligence within seconds (6 percent), minutes (11 percent) or hours (34 percent) once security analytics has detected an anomaly.

The Importance of Machine Learning Behavioral Analytics

Respondents shared insight into their perception and usage of machine intelligence:

·         83 percent believe machine learning is important to achieving a strong cybersecurity posture.

·         A core competency of machine learning behavioral analytics – “baselining” normal behavior – is viewed as important, but is underutilized. Fifty-nine percent of respondents believe spotting the difference between abnormal and normal behavior is important to identifying suspicious artifacts that could verify potential intrusions. However, only 38 percent say their IT security team can do so.

·         The main reasons for investing in machine-generated solutions are to speed up the detection of anomalies (65 percent of respondents), increase the speed of intelligence generation (55 percent of respondents), improve the accuracy of intelligence (50 percent of respondents) and reduce the severity of attacks experienced (49 percent of respondents).

·         To assess the value of machine-generated intelligence, companies are most likely to measure both the increased ability to respond quickly to an existing cyberattack and whether they could successfully prevent the exfiltration of confidential information.

The full findings of this report will be presented in a live interactive webinar on November 11 at 1pm Eastern by Dr. Ponemon and Mike Paquette, VP of Products, Prelert. To register, please visit http://info.prelert.com/advanced-threat-detection-with-machine-generated-intelligence.

 

In addition, a copy of the Ponemon Institute report can be downloaded at http://info.prelert.com/advanced-threat-detection-research-report.

 

About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.

 

About Prelert

Prelert is the leading provider of behavioral analytics for IT security and operations teams. The company’s solution analyzes an organization’s log data, finds anomalies, links them together and lets the data tell the story behind advanced security threats and IT performance problems. Leveraging machine learning anomaly detection and other behavioral analytics capabilities, the solution automates the analysis of massive data sets, eliminating manual effort and human error. Hundreds of progressive IT organizations rely on Prelert to detect advanced threat activity, reduce false positive alerts and enable faster root cause analysis. Prelert lets your data tell the story. Please visit www.prelert.com or follow @Prelert to learn more.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Companies Blindly Believe They've Locked Down Users' Mobile Use
Dawn Kawamoto, Associate Editor, Dark Reading,  11/14/2017
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark Reading,  11/14/2017
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.