Half of IT Security Pros Believe They’re an Unlikely Target for Attack, Finds Ponemon Institute Study

61 Percent of IT Security Pros Lack Confidence in Their Ability to Detect Advanced Threats

October 29, 2015

5 Min Read


Framingham, Mass., – October 28, 2015 – An independent study published today by The Ponemon Institute titled, “Advanced Threat Detection with Machine-Generated Intelligence,” found that half of IT security practitioners in the U.S. view their organization as an unlikely target for attack. This largely positive outlook could be contributing to a lack of cyber-preparedness as 61 percent of respondents admitted a lack of confidence in their organization’s ability to detect advanced threats.

The full report delves into these and other findings from a survey of 614 IT security practitioners in the U.S. who are familiar with threat detection technologies deployed by their organization and are involved in advanced threat detection activities. The research was sponsored by Prelert, the leading provider of behavioral analytics for IT security and operations teams.

“This research reveals some major disconnects that IT professionals seem to have between perception and reality. While even circumstantial evidence points to the increasing volume and severity of cyberthreats, it’s shocking to learn that half of security pros don’t even view themselves as a target,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “We’re also seeing discrepancies in the way teams are viewing and reacting to advanced persistent threats. Overall, they’re not confident in their ability to detect advanced threats, but they’re not doing much about it. It’s clear that new solutions are needed.”

The Reaction and Inaction to Advanced Persistent Treats

When asked what type of cyberattacks cause the greatest concern, the most common answer by far was advanced persistent threats (67 percent), followed by zero-day attacks (57 percent) and login attacks (37 percent).

Despite this high level of concern and a lack of confidence in their ability to detect advanced threats, respondents expressed a surprising disconnect in their urgency to make changes that would address these issues. When asked how their use of advanced threat detection technologies would change 12 months from now, 49 percent said their usage would either not change (43 percent) or decrease (6 percent).

“These results show that organizations are moving slowly to adopt security analytics technology as part of their advanced threat detection programs,” said Mark Jaffe, CEO of Prelert. “Most established security vendors have been slow to embrace analytics as part of their advanced threat detection offerings, which might lead some to assume that the technology is immature. However the reality is quite opposite – Prelert has been deploying its machine learning behavioral analytics capabilities to customers for three years, and has recently introduced Advanced Threat Insights, a second-generation analytics capability. Much like how voice recognition technology has advanced rapidly in the past few years, so has machine-learning based security analytics technology. Organizations should be adding this effective capability to their advanced threat detection programs sooner rather than later.”

Security Analytics Provides Essential Value

While only 36 percent of respondents are using security analytics, a vast majority see the impact:

·         90 percent believe security analytics is either essential (19 percent), very important (45 percent) or important (26 percent) to their organization’s ability to maintain strong security.

·         Security analytics helps improve the speed at which indicators of compromise are detected. While studies consistently show that data breaches can persist for months before being detected, respondents say their company receives intelligence within seconds (6 percent), minutes (11 percent) or hours (34 percent) once security analytics has detected an anomaly.

The Importance of Machine Learning Behavioral Analytics

Respondents shared insight into their perception and usage of machine intelligence:

·         83 percent believe machine learning is important to achieving a strong cybersecurity posture.

·         A core competency of machine learning behavioral analytics – “baselining” normal behavior – is viewed as important, but is underutilized. Fifty-nine percent of respondents believe spotting the difference between abnormal and normal behavior is important to identifying suspicious artifacts that could verify potential intrusions. However, only 38 percent say their IT security team can do so.

·         The main reasons for investing in machine-generated solutions are to speed up the detection of anomalies (65 percent of respondents), increase the speed of intelligence generation (55 percent of respondents), improve the accuracy of intelligence (50 percent of respondents) and reduce the severity of attacks experienced (49 percent of respondents).

·         To assess the value of machine-generated intelligence, companies are most likely to measure both the increased ability to respond quickly to an existing cyberattack and whether they could successfully prevent the exfiltration of confidential information.

The full findings of this report will be presented in a live interactive webinar on November 11 at 1pm Eastern by Dr. Ponemon and Mike Paquette, VP of Products, Prelert. To register, please visit http://info.prelert.com/advanced-threat-detection-with-machine-generated-intelligence.


In addition, a copy of the Ponemon Institute report can be downloaded at http://info.prelert.com/advanced-threat-detection-research-report.


About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries.


About Prelert

Prelert is the leading provider of behavioral analytics for IT security and operations teams. The company’s solution analyzes an organization’s log data, finds anomalies, links them together and lets the data tell the story behind advanced security threats and IT performance problems. Leveraging machine learning anomaly detection and other behavioral analytics capabilities, the solution automates the analysis of massive data sets, eliminating manual effort and human error. Hundreds of progressive IT organizations rely on Prelert to detect advanced threat activity, reduce false positive alerts and enable faster root cause analysis. Prelert lets your data tell the story. Please visit www.prelert.com or follow @Prelert to learn more.


Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights