Deception technology speeds up detection of attacks
Users of deception technology report a 12X improvement in the average number of days it takes to detect attackers operating within an enterprise network.
New research for Attivo Networks carried out by Enterprise Management Associates suggests attacker dwell times can be as low as 5.5 days with deception in use compared to an average of 78 to 100 days for those not using the technology.
When respondents were asked to rank 12 security tools for detecting insider threats, 30 percent ranked deception technology, tied with next-generation endpoint security, as the most effective tool in detecting insider threats.
"Quantifying the return on investment of security controls can be extremely challenging and is often tied to overall breach metrics that can be heavily debated," says Carolyn Crandall, chief deception officer and CMO of Attivo Networks. "This survey is particularly interesting in that it quantifies the specific value derived and the sentiment of deception technology users compared to non-users."
The top five benefits of the technology are cited as faster incident response (13 percent), detection of basic and advanced threats regardless of techniques (12 percent), more actionable alerts (12 percent), intelligence on attacker movement techniques and targets (12 percent), and visibility to attack paths and credential vulnerabilities (12 percent).
In addition 71 percent of respondents cite that they have achieved a higher value from the technology than initially expected, while 84 percent plan to increase their spending in the future.
Crandall continues, "Cybersecurity has traditionally been a 'cat and mouse game' between IT teams and cyber attackers, with a cybercriminal's arsenal continually evolving. Deception technology, however, shifts power back to the defender, giving organizations visibility and early detection, company-specific threat intelligence, and faster incident response."
The full report is available from the Attivo site.