Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

02:30 PM
Dark Reading
Dark Reading
Products and Releases

Securing Endpoints a Top Concern and Challenge in Reducing Attack Dwell Times: Research

Respondents rank detection controls and cite cyber deception as the top attack disrupter among a range of traditional solutions.

FREMONT, Calif.--(BUSINESS WIRE)--Attivo Networks®, an award-winning leader in deception for cybersecurity threat detection, today announced the availability of a new research report, titled “Top Threat Detection Trends.” The research highlights the top threat management challenges of cybersecurity professionals around the globe and provides real-world insights on trend changes as compared to prior research conducted in 2018.

“Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”

One of the most noteworthy findings in the latest study is that user networks and endpoints are the biggest concerns for 65% of respondents, an 11% increase from last year. The report attributes this shift to four primary factors: the evolution of an increasingly perimeter-less environment; the sheer number of successful endpoint attacks; the rising cost per endpoint breach; and difficulties associated with quickly detecting a compromised system before an attacker can move laterally.

The Attivo Networks research was conducted before the Coronavirus pandemic forced so many people to work from home. In the survey, remote workers ranked as the third highest attack surface of concern at 35%; however, we expect that in future research, a significant rise in concerns related to remote worker risk will emerge.

Key findings and insights found in this year’s report:

  • In addition to user networks and endpoints, the report findings reveal the cloud is a significant concern by 63% of respondents. It attributes this finding to the continued migration of companies to IaaS and SaaS services and the concerns cybersecurity professionals have about securing these broad attack surfaces and shared security models.
  • The challenge in reducing attacker dwell time remains significant. Nearly two-thirds (64%) of respondents indicated that 100 days of dwell time (the length of time from when an attacker enters a network to when the organization detects them) seemed accurate or was too low (up from 61% last year). The highest jump in responses, increasing 7% from last year – and an alarming trend – came from 22% who stated that they were not tracking dwell time statistics. These findings highlight a continued need for more efficient tools to detect and track in-network threat activity and lateral movement.
  • Organizations are increasingly adopting complementary security technologies. Respondents believe threat actors are most concerned about traffic analysis (44%), followed closely by deception technology and next-generation firewalls (both 40%), IDS (39%), SIEMs (37%), EDR/next-generation AV (27%), IAM (22%) and UEBA (15%). This shift is likely due to attackers becoming increasingly savvy at understanding the weaknesses of traditional security controls. Additionally, organizations are shifting their strategy by deploying new technologies like deception technology for closing detection gaps and efficiently covering attack surfaces such as endpoint, cloud, and inter-connected OT environments.
  • Despite significant investments in prevention solutions, malware and ransomware continue to top the list of attacks that concern defenders, increasing 5% to 66% from last year. This result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks and that different detection solutions and/or organizations need more layers of defense to halt these attacks.
  • Three in four respondents are using some form of security framework, with the majority of respondents (45%) using the NIST Cybersecurity Framework, followed by the ISO 27000 family of standards (37%). Security professionals rely on these frameworks to help them clearly define policies, procedures, and processes to help reduce risk and exposure to vulnerabilities.

“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” said Carolyn Crandall, Chief Deception Officer at Attivo Networks. “Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”

To download the report, “Top Threat Detection Trends”, visit https://go.attivonetworks.com/WC-2019-ThreatDetection-Survey-Report_LP.html.

Research Methodology

Attivo Networks surveyed 1,249 respondents at in-person conferences around the globe throughout calendar year 2019, which included participants from 10 industries, with Technology and Financial Services sectors represented the most (34% and 14% respectively). Participants represented a wide range of business sizes, with 35% of participants from enterprises with 1,000 people or less, 31% from enterprises with 1,001-10,000 employees, and 26% from enterprises with over 10,000 employees.

About Attivo Networks

Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces. The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 125 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/3/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-03
In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0.15.1 and 0.16.2, a maliciously crafted record ID can exploit a SQL Injection vulnerability in iOS adapter implementation and cause the app to delete all or selected records from the database, generally causing the app to...
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information.
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength.
PUBLISHED: 2020-06-03
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.