Attackers dwelling in compromised networks for months
Security teams are still struggling to cut down the time attackers spend infiltrating enterprise networks, with hackers routinely dwelling inside compromised networks for 100 days or more.
A survey conducted by Attivo Networks found that 64% of respondents felt that 100 days of dwell time — the timespan between an attacker entering a network and the organisation detecting them — seemed accurate or was too low.
In addition, 22% of respondents stated that they are not tracking dwell time statistics at all, up 7% from last year.
The survey also found that user networks and endpoints are the top concerns for 65% of respondents. Securing the cloud is also a high priority concern among 63% of respondents.
The top attacks concerning defenders remain malware and ransomware. This trend was significantly pronounced among industries most sensitive to data loss or interruptions to normal operations, such as health care, education, energy and utilities, and legal and professional services.
But enterprises are also increasingly adopting security technologies. Respondents believe attackers are most vexed by technologies including traffic analysis (44%), deception technology (40%) and next-generation firewalls (40%).
Meanwhile, three in four respondents have adopted some form of standardised security framework, with the most popular choices being the NIST cybersecurity framework (45%) and the ISO 27000 family of standards (37%).
“Much of this year’s research indicates a continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors,” Attivo Networks Chief Deception Officer Carolyn Crandall said.
“Reducing dwell time has also become an increased focus, as well as adopting technologies that detect attackers inside the network early and accurately. A multilayered strategy of complementary security controls that include new solutions like deception technology is proving to create the most effective control.”
CrowdStrike to buy Adaptive Shield
CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...
LockBit named nastiest malware of 2024
LockBit, a ransomware malware known to have been used to attack Australian targets, has been...
Extreme Networks launches ZTNA solution
Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...