As cybercriminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defences, organisations must evolve their security defences to reduce dwell time. Fidelis Cybersecurity asked cybersecurity leaders, security architects and security analysts about the evolution of their cyber defence strategies, including post-breach detection and response, as well as threat hunting.
Fidelis interviewed over 580 security professionals from around the globe to understand how they are shifting their security strategies. In the Fidelis 2018 State of Threat Detection Report, 63 per cent of all respondents said they do not currently employ threat hunting or do not know if they do, with just over half (51 per cent) of organisations with over 5000 employees stating that they threat hunt. The Fidelis report also addressed broader detection and response capabilities and found some unsettling indicators that suggest that post-breach detection strategies are not robust enough to deal with the tactics, techniques and procedures being used by today’s threat actors.
Overall, just 21 per cent of respondents perceived their detection measures to be highly effective. Healthcare and federal public-sector organisations have the lowest confidence levels with just 5 per cent and 6 per cent of respondents respectively stating that they felt their detection capabilities were highly effective. In addition, 45 per cent of respondents stated that they do not have an endpoint detection and response solution currently in place and 38 per cent of all participants stated that they do not have a breach detection strategy in place at all.
“In discussions with our enterprise customers from around the globe, a recurring theme is the desire to hunt for threats,” said Nick Lantuh, CEO of Fidelis. “The common challenges they face are the lack of resources and expertise necessary to do it right, which our study has also confirmed. Organisations need the depth of insights into their data, the proper analytical tools, automated detection & response and the expertise to shift their defence strategy from being rocked back on their heels to up on their toes.”
Nearly half of the professionals who participated in the study noted they didn’t have the time to threat hunt, and a third cited lack of skills. But almost all of them – 88 per cent - believe threat hunting is a necessity.
With time, skills and resources cited as major barriers to sophisticated detection measures, outsourcing detection and response and threat hunting to Managed Detection and Response (MDR) Service is an option that should be considered. MDR enables organisations to completely outsource or augment their teams to ensure accurate threat detection and swift response to minimise dwell time.
Other findings from the report include: