Major barriers are preventing organisations from bolstering their post-breach defences

As cybercriminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defences, organisations must evolve their security defences to reduce dwell time. Fidelis Cybersecurity asked cybersecurity leaders, security architects and security analysts about the evolution of their cyber defence strategies, including post-breach detection and response, as well as threat hunting. 

Fidelis interviewed over 580 security professionals from around the globe to understand how they are shifting their security strategies. In the Fidelis 2018 State of Threat Detection Report, 63 per cent of all respondents said they do not currently employ threat hunting or do not know if they do, with just over half (51 per cent) of organisations with over 5000 employees stating that they threat hunt. The Fidelis report also addressed broader detection and response capabilities and found some unsettling indicators that suggest that post-breach detection strategies are not robust enough to deal with the tactics, techniques and procedures being used by today’s threat actors.

Overall, just 21 per cent of respondents perceived their detection measures to be highly effective. Healthcare and federal public-sector organisations have the lowest confidence levels with just 5 per cent and 6 per cent of respondents respectively stating that they felt their detection capabilities were highly effective. In addition, 45 per cent of respondents stated that they do not have an endpoint detection and response solution currently in place and 38 per cent of all participants stated that they do not have a breach detection strategy in place at all.

“In discussions with our enterprise customers from around the globe, a recurring theme is the desire to hunt for threats,” said Nick Lantuh, CEO of Fidelis. “The common challenges they face are the lack of resources and expertise necessary to do it right, which our study has also confirmed. Organisations need the depth of insights into their data, the proper analytical tools, automated detection & response and the expertise to shift their defence strategy from being rocked back on their heels to up on their toes.”

Nearly half of the professionals who participated in the study noted they didn’t have the time to threat hunt, and a third cited lack of skills. But almost all of them – 88 per cent - believe threat hunting is a necessity.

With time, skills and resources cited as major barriers to sophisticated detection measures, outsourcing detection and response and threat hunting to Managed Detection and Response (MDR) Service is an option that should be considered. MDR enables organisations to completely outsource or augment their teams to ensure accurate threat detection and swift response to minimise dwell time.

Other findings from the report include:

• Organisations don’t have enough faith in their preventive solutions – with just 22 per cent stating that they felt ‘highly confident’ in their preventive defenses when faced with a targeted attack
• Insufficient security resources and the lack of automation for IR and investigations are one of the biggest issues facing security teams today
• 53 per cent of organisations who said they are not threat hunting said that they have no plans to do so
• 33 per cent of respondents feel that ‘not enough resources’ is the biggest security issue that their organisation is facing and 30 per cent felt that ‘lack of automation for IR and investigations’ is the biggest security issue they face