Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

02:30 PM
Dark Reading
Dark Reading
Products and Releases

Securing Endpoints a Top Concern and Challenge in Reducing Attack Dwell Times: Research

Respondents rank detection controls and cite cyber deception as the top attack disrupter among a range of traditional solutions.

FREMONT, Calif.--(BUSINESS WIRE)--Attivo Networks®, an award-winning leader in deception for cybersecurity threat detection, today announced the availability of a new research report, titled “Top Threat Detection Trends.” The research highlights the top threat management challenges of cybersecurity professionals around the globe and provides real-world insights on trend changes as compared to prior research conducted in 2018.

“Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”

One of the most noteworthy findings in the latest study is that user networks and endpoints are the biggest concerns for 65% of respondents, an 11% increase from last year. The report attributes this shift to four primary factors: the evolution of an increasingly perimeter-less environment; the sheer number of successful endpoint attacks; the rising cost per endpoint breach; and difficulties associated with quickly detecting a compromised system before an attacker can move laterally.

The Attivo Networks research was conducted before the Coronavirus pandemic forced so many people to work from home. In the survey, remote workers ranked as the third highest attack surface of concern at 35%; however, we expect that in future research, a significant rise in concerns related to remote worker risk will emerge.

Key findings and insights found in this year’s report:

  • In addition to user networks and endpoints, the report findings reveal the cloud is a significant concern by 63% of respondents. It attributes this finding to the continued migration of companies to IaaS and SaaS services and the concerns cybersecurity professionals have about securing these broad attack surfaces and shared security models.
  • The challenge in reducing attacker dwell time remains significant. Nearly two-thirds (64%) of respondents indicated that 100 days of dwell time (the length of time from when an attacker enters a network to when the organization detects them) seemed accurate or was too low (up from 61% last year). The highest jump in responses, increasing 7% from last year – and an alarming trend – came from 22% who stated that they were not tracking dwell time statistics. These findings highlight a continued need for more efficient tools to detect and track in-network threat activity and lateral movement.
  • Organizations are increasingly adopting complementary security technologies. Respondents believe threat actors are most concerned about traffic analysis (44%), followed closely by deception technology and next-generation firewalls (both 40%), IDS (39%), SIEMs (37%), EDR/next-generation AV (27%), IAM (22%) and UEBA (15%). This shift is likely due to attackers becoming increasingly savvy at understanding the weaknesses of traditional security controls. Additionally, organizations are shifting their strategy by deploying new technologies like deception technology for closing detection gaps and efficiently covering attack surfaces such as endpoint, cloud, and inter-connected OT environments.
  • Despite significant investments in prevention solutions, malware and ransomware continue to top the list of attacks that concern defenders, increasing 5% to 66% from last year. This result indicates that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop attacks and that different detection solutions and/or organizations need more layers of defense to halt these attacks.
  • Three in four respondents are using some form of security framework, with the majority of respondents (45%) using the NIST Cybersecurity Framework, followed by the ISO 27000 family of standards (37%). Security professionals rely on these frameworks to help them clearly define policies, procedures, and processes to help reduce risk and exposure to vulnerabilities.

“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” said Carolyn Crandall, Chief Deception Officer at Attivo Networks. “Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”

To download the report, “Top Threat Detection Trends”, visit https://go.attivonetworks.com/WC-2019-ThreatDetection-Survey-Report_LP.html.

Research Methodology

Attivo Networks surveyed 1,249 respondents at in-person conferences around the globe throughout calendar year 2019, which included participants from 10 industries, with Technology and Financial Services sectors represented the most (34% and 14% respectively). Participants represented a wide range of business sizes, with 35% of participants from enterprises with 1,000 people or less, 31% from enterprises with 1,001-10,000 employees, and 26% from enterprises with over 10,000 employees.

About Attivo Networks

Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces. The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 125 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.


Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.