Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/11/2018
11:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

CISO Conundrum: Multiple Solutions Harden Posture but Create Alert Fatigue

BUCHAREST, Romania/SANTA CLARA, Calif., April 11, 2018 – Bitdefender, a leading global cybersecurity technology company protecting 500 million users worldwide, today announced the results of its latest survey, showing that more than half of CISOs worldwide (61 percent US) are worried about a global skills shortage. Sixty-nine percent of respondents around the globe also reported that their team is under resourced, with more than half of respondents in all markets but Italy reporting that their IT security team is too small. Seventy-two percent of information security professionals admitted that their IT team experienced agent and alert fatigue, and 34 percent of US respondents said their budget could not accommodate infrastructure expansion.

The Bitdefender survey explores CISOs’ needs in the prevention-detection-response-investigation era and reveals how the lack of visibility, speed, and personnel affects the development of stronger security practices in companies with both over-burdened and under-resourced IT teams. The survey polled 1,050 people responsible for purchasing IT security within companies in the US and Europe.

Half of the CISOs surveyed worldwide admitted their company was breached in the past year, but one sixth of those respondents don’t know how the breach occurred. Fifty-five percent of US respondents had experienced an advanced attack or malware outbreak. One quarter of all respondents expect this issue to continue, and think their company is likely to face an ongoing security breach without them knowing it. Using existing security tools, US CISOs believe 61 percent of advanced attacks can be prevented, detected, and isolated, but anticipate it would take four weeks to detect any such attack—the highest average amount of time of any market surveyed.

With the global cost of cybersecurity breaches expected to reach $6 trillion by 2021, analysts have seen companies’ security spending start migrating from prevention-only approaches to focus more on detection and response. Gartner expects that spending on enhancing endpoint detection and response (EDR) capabilities will become a key priority for security buyers through 2020.

Better tools needed for rapid detection and response

CISOs agree that prevention is faulty, but investigation is a burden. EDR capabilities can provide improved detection and response approaches to prolific security incidents, and using automation can help to address the global shortage of cybersecurity professionals. Specifically, EDR tools best fit resource-strapped businesses with lean IT teams that operate without a Security Operation Center (SOC). However, half of IT executives worldwide said that managing EDR tools is difficult or very difficult. In both the US and UK, 49 percent of all endpoint alerts triggered by monitoring and response techniques turned out to be false alarms. Sixty-four percent of Americans in companies with no SOC said monitoring activities are one of their toughest challenges. Spotting an ongoing breach also means fighting alert fatigue caused by noisy traditional security solutions. It’s a race against time when filtering security alerts, which can be especially difficult if the organization is understaffed and overburdened. Forty-three percent of US respondents, and one third of respondents across all markets, said that lack of proper security tools is the main obstacle that prevents rapid detection and response during a cyberattack.

Time is of the Essence

On average, 82 percent of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks. CISOs attest that time is of the essence when isolating the incident to prevent spreading (68 percent), identifying how the breach occurs (55 percent), and evaluating losses and the impact of the breach (51 percent). CISOs agree that delayed response to a cyber incident can also make it harder to accurately identify the initial time of attack and assess the timeframe (30 percent), understand the motivation for the cyberattack (19 percent), or improve the incident response plan for future attempts (17 percent).

 “Today’s resource- and skill-constrained IT security teams need an endpoint detection and response (EDR) approach that allows for less human intervention and a higher level of fidelity in incident investigations,”Bitdefender’s VP of Enterprise Solutions Harish Agastya said. “EDR for everyone can be achieved through a funnel-based approach of prevention-detection-investigation-response, leaving the EDR layer to focus on threats further down the funnel in the unknown or potential threat category, and IT teams to focus solely on the alerts and tasks that are truly significant.”

Bitdefender security specialists strongly advise enterprise CISOs consider: the importance and value of an integrated prevent-detect-investigate-respond-evolve approach to endpoint security.

  • Prevent: block all known bad and a high percentage of unknown bad at pre-execution layer itself, without saturating the EDR analytics engine with unnecessary incident alerts
  • Detect: supported by built-in intelligence from threat protection engines and analysis of a stream of behavioral events from an endpoint event recorder
  • Investigate: aided by contextually relevant information on the class of threat that is detected (via the built-in intelligence), the reason of detection (via threat analytics), and ultimate verdict (via an integrated sandbox).
  • Respond: via a single pane of glass incident response interface that enables tactical remedial actions immediately and widely across the enterprise.
  • Evolve: enables the feedback loop from current detection to future prevention via in-place policy tuning and fortification.
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1936
PUBLISHED: 2021-03-02
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
CVE-2021-27904
PUBLISHED: 2021-03-02
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVE-2021-27901
PUBLISHED: 2021-03-02
An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).
CVE-2021-21321
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...
CVE-2021-21322
PUBLISHED: 2021-03-02
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing...