Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

7/12/2017
10:45 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Faster Cyberattack Detection Can Limit Business Impact by 70%: Cyber adAPT, Aberdeen Group

July 11, 2017 – Half Moon Bay, California – A new report released today, commissioned by Cyber adAPT and conducted by Aberdeen Group, has revealed that cyber attack detection and response times have a critical status in protecting access to infrastructure and data within modern networks.

New insight detailed in the report entitled ‘The need for speed: faster detection requires a new type of platform’, reveals that doubling detection and response speed to cyber attacks produces a median reduction of 70%, compared to the status quo*, in impact on the availability of enterprise computing infrastructure.

The report also shows that improvements to detection and response speed following a data breach produces a median reduction of 30% in impact on the business, compared to the status quo*.

Monte Carlo analysis: Reducing the Business Impact of Disruptions and Data Breaches

Source: Monte Carlo analysis; Aberdeen Group June 2017

The findings help contextualize the current cyber security climate, which McKinsey and the World Economic Forum has previously described as one where 60% of technology executives agree the sophistication as well as the pace of attacks will increase faster than the ability of institutions to defend themselves[i].

The report also consolidates existing research from Aberdeen Group, which found:

  • Two out of five (39%) organizations are moving from a traditional, PC-oriented computing environment toward an increasingly mobile-first infrastructure, and half (49%) of all respondents have already invested in connected devices (IoT) initiatives[ii].
  • In a study of 3,000 current network firewall installations nearly half (46%) of all organizations were dealing with multiple sites and/or multiple firewall vendors[iii].
  • In an analysis of nearly 11,000 security monitoring and analytics installations, two-thirds of CISOs are taking a tools-based approach to cyber security, installing a single product at a single site. The remaining third of installations typified a platform approach[iv].
  • In current technology installations of virtualization and cloud computing initiatives involving 336 products from 57 vendors, there were more than 1.6 billion permutations in the simple six-layer stack[v].

The report describes a dynamic infrastructure, which includes a mix of traditional servers, private clouds, and public clouds as “the new normal”, and notes that its complexity means that using prevention-led methods cannot be successful 100% of the time.

Kirsten Bay, President and CEO of Cyber adAPT commented on the new insights and wider report: “Criminals are gaining access to our networks regardless of how much money has been sent on perimeter defenses. The unique, new insights released today demonstrate the pressing need for CISOs to be able to quickly detect these inevitable breaches and act upon them immediately, if they are to limit the impact.[vi]

Bay continues:

“Furthermore, the report identifies that today’s enterprise computing infrastructure is increasingly digital, edgeless and hybrid. With a vast number of firewall installations and other security tools to manage, the data demonstrates that a strategy focused on prevention alone is no longer enough – detecting anomalies and defending this blurred perimeter is simply beyond human capability.”

Derek Brink, Vice President and Research Fellow, Aberdeen Group and author of the report commented: “Our report shows that in securing increasingly complex computing infrastructures CISOs have a bastion of tools at their disposal. But this has only served to deliver an onslaught of alerts, which take time to filter. To regain their time advantage against attackers, CISOs need a single platform, which integrates data from multiple sources and offers optimized visibility into a rapidly changing threat landscape. This will allow them to detect threats in real-time and respond before attackers compromise information and remove access to vital infrastructure.”

Key insights:

  • When it comes to detection, response and recovery time are crucial.
  • CISOs need to make the business case for how faster detection, effective response, and rapid recovery reduces the impact of attacks.
  • Doubling detection and response speed to cyber attacks produces a median reduction of 70%, compared to the status quo*, in impact on the availability of enterprise computing infrastructure.
  • Improvements to detection and response speed following a data breach produces a median reduction of 30% in impact on the business, compared to the status quo*.
  • Today’s enterprise computing infrastructure is a dynamic blend of traditional networks, expanding user bases, a mix of private and public clouds, and connected devices.
  • In such an environment, timely detection of active attacks – at the scale and speed needed – requires a new type of platform.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jim, stop pretending you're drowning in tickets."
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3571
PUBLISHED: 2019-07-16
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.
CVE-2019-6160
PUBLISHED: 2019-07-16
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVE-2019-9700
PUBLISHED: 2019-07-16
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
CVE-2019-12990
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
CVE-2019-12991
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).