
4/20/2020
02:30 PM
Dark Reading
Products and Releases

Securing Endpoints a Top Concern and Challenge in Reducing Attack Dwell Times: Research

Respondents rank detection controls and cite cyber deception as the top attack disrupter among a range of traditional solutions.

FREMONT, Calif.--(BUSINESS WIRE)--Attivo Networks®, an award-winning leader in deception for cybersecurity threat detection, today announced the availability of a new research report, titled “Top Threat Detection Trends.” The research highlights the top threat management challenges of cybersecurity professionals around the globe and provides real-world insights on trend changes as compared to prior research conducted in 2018.


One of the most noteworthy findings in the latest study is that user networks and endpoints are the biggest concerns for 65% of respondents, an 11% increase from last year. The report attributes this shift to four primary factors: the evolution of an increasingly perimeter-less environment; the sheer number of successful endpoint attacks; the rising cost per endpoint breach; and difficulties associated with quickly detecting a compromised system before an attacker can move laterally.

The Attivo Networks research was conducted before the Coronavirus pandemic forced so many people to work from home. In the survey, remote workers ranked as the third highest attack surface of concern at 35%; however, we expect that in future research, a significant rise in concerns related to remote worker risk will emerge.

Key findings and insights found in this year’s report:

  • In addition to user networks and endpoints, the report findings reveal that the cloud is a significant concern for 63% of respondents. It attributes this finding to the continued migration of companies to IaaS and SaaS services and the concerns cybersecurity professionals have about securing these broad attack surfaces and shared security models.
  • The challenge in reducing attacker dwell time remains significant. Nearly two-thirds (64%) of respondents indicated that 100 days of dwell time (the length of time from when an attacker enters a network to when the organization detects them) seemed accurate or was too low (up from 61% last year). The highest jump in responses, increasing 7% from last year – and an alarming trend – came from 22% who stated that they were not tracking dwell time statistics. These findings highlight a continued need for more efficient tools to detect and track in-network threat activity and lateral movement.
  • Organizations are increasingly adopting complementary security technologies. Respondents believe threat actors are most concerned about traffic analysis (44%), followed closely by deception technology and next-generation firewalls (both 40%), IDS (39%), SIEMs (37%), EDR/next-generation AV (27%), IAM (22%) and UEBA (15%). This shift is likely due to attackers becoming increasingly savvy at understanding the weaknesses of traditional security controls. Additionally, organizations are shifting their strategy by deploying new technologies like deception technology to close detection gaps and efficiently cover attack surfaces such as endpoint, cloud, and interconnected OT environments.
  • Despite significant investments in prevention solutions, malware and ransomware continue to top the list of attacks that concern defenders, increasing 5% to 66% from last year. This result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks, and that organizations need different detection solutions and/or more layers of defense to halt these attacks.
  • Three in four respondents are using some form of security framework, with the majority of respondents (45%) using the NIST Cybersecurity Framework, followed by the ISO 27000 family of standards (37%). Security professionals rely on these frameworks to help them clearly define policies, procedures, and processes to help reduce risk and exposure to vulnerabilities.

“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” said Carolyn Crandall, Chief Deception Officer at Attivo Networks. “Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”

To download the report, “Top Threat Detection Trends”, visit https://go.attivonetworks.com/WC-2019-ThreatDetection-Survey-Report_LP.html.

Research Methodology

Attivo Networks surveyed 1,249 respondents at in-person conferences around the globe throughout calendar year 2019, which included participants from 10 industries, with Technology and Financial Services sectors represented the most (34% and 14% respectively). Participants represented a wide range of business sizes, with 35% of participants from enterprises with 1,000 people or less, 31% from enterprises with 1,001-10,000 employees, and 26% from enterprises with over 10,000 employees.

About Attivo Networks

Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces. The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 125 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.
