More than half of cyberattacks infiltrate environments without detection
While organizations continue to invest heavily in security controls and assume that this means their assets are fully protected, the reality is that a majority of the attacks in the study infiltrated production environments without the organization knowing it.
This is among the findings of a new report from Mandiant Solutions -- the threat intelligence arm of FireEye -- based on real attacks, specific malicious behaviors, and actor-attributed techniques and tactics.
In the tests, 53 percent of attacks infiltrated environments without being detected; 26 percent infiltrated but were detected; and 33 percent were prevented by security tools. An alert was generated for only nine percent of attacks, so much of what a control did detect was recorded but never surfaced to anyone as an alert. This shows that most organizations and their security teams lack the visibility they need into serious threats, even when they use central SIEM, SOAR and analysis platforms.
"Every organization wants reliable data that tells them if their security investments are delivering real value and protecting them from becoming the next major cyber-attack headline," says Chris Key, senior vice president at Mandiant Security Validation. "Our research shows that while the majority of companies assume they’re protected, the truth is that more often than not, they are exposed. Using automated security validation integrated with the latest threat intelligence and frontline expertise, we can help customers validate the health of their infrastructure by testing against threats that are most likely to target their organization. This combination is not only a powerful defensive measure, but it also helps companies prioritize investments where they will have the most impact."
The most common reasons given for poor optimization of organizations' security tools are: deployment under default 'out-of-the-box' configurations, lack of resources to tune and tweak controls after deployment, security events not making it to the SIEM, no way to force testing of the controls, and unexpected changes or drift in the underlying infrastructure.
The research also looked at the techniques used by attackers. In tests of network traffic, organizations reported that only four percent of reconnaissance activity generated an alert. Controls failed to prevent or detect malware detonation (execution of a malicious payload) inside the environment 68 percent of the time, and 65 percent of the time the security environment was unable to prevent or detect the approaches being tested.
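The report's headline figures come from classifying each replayed attacker action into one of a few outcomes: prevented, detected with an alert, detected without an alert, or missed entirely, and the "detected but no alert" bucket is where the "security events not making it to the SIEM" failure shows up. The following is an added example, not code from Mandiant or the report, of a small validation harness that does that classification by joining a control's own log against what the SIEM actually alerted on. The log format, field names, test IDs and technique labels are assumptions constructed for illustration.

```python
"""Toy security-control validation harness (added example, not the report's code).

Each TestCase is one simulated attacker action replayed against the environment.
Outcomes follow the report's taxonomy:
  prevented          - the control blocked the action
  detected_alerted   - the control logged it and an alert reached the SIEM
  detected_no_alert  - the control logged it but nothing reached the SIEM
  missed             - the control neither blocked nor logged it
Log formats, field names and sample data are constructed assumptions.
"""
from collections import Counter
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class TestCase:
    test_id: str    # unique marker embedded in the simulated action
    technique: str  # assumed labels: "recon", "detonation", "evasion"


# Constructed sample test set.
TESTS = [
    TestCase("T001", "detonation"),
    TestCase("T002", "recon"),
    TestCase("T003", "evasion"),
    TestCase("T004", "recon"),
    TestCase("T005", "detonation"),
    TestCase("T006", "evasion"),
]

# Constructed sample: what the endpoint/network control itself logged.
CONTROL_LOG = """\
2020-06-09T10:00:01Z edr action=block test_id=T001 technique=detonation
2020-06-09T10:00:05Z ids action=log   test_id=T002 technique=recon
2020-06-09T10:00:09Z edr action=log   test_id=T003 technique=evasion
2020-06-09T10:00:12Z edr action=block test_id=T005 technique=detonation
"""

# Constructed sample: what the SIEM actually indexed and alerted on.
# T003 was logged by the control but never produced a SIEM alert.
SIEM_ALERTS = """\
2020-06-09T10:00:06Z siem alert rule=recon_scan test_id=T002
"""

LOG_RE = re.compile(r"action=(?P<action>\w+)\s+test_id=(?P<tid>T\d+)")
ALERT_RE = re.compile(r"test_id=(?P<tid>T\d+)")


def parse_control_log(text):
    """Map test_id -> 'block' or 'log' from the control's own log."""
    seen = {}
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            # A block outranks a plain log entry for the same test.
            prev = seen.get(m["tid"])
            seen[m["tid"]] = "block" if "block" in (prev, m["action"]) else m["action"]
    return seen


def parse_siem_alerts(text):
    """Set of test_ids for which an alert actually reached the SIEM."""
    return {m["tid"] for m in map(ALERT_RE.search, text.splitlines()) if m}


def classify(test, control_actions, alerted):
    action = control_actions.get(test.test_id)
    if action == "block":
        return "prevented"
    if test.test_id in alerted:
        return "detected_alerted"
    if action == "log":
        return "detected_no_alert"
    return "missed"


def run_validation(tests, control_log=CONTROL_LOG, siem_alerts=SIEM_ALERTS):
    """Return {test_id: outcome} for every replayed test."""
    actions = parse_control_log(control_log)
    alerted = parse_siem_alerts(siem_alerts)
    return {t.test_id: classify(t, actions, alerted) for t in tests}


def summarize(outcomes):
    """Whole-number percentages per outcome plus the report-style headline numbers."""
    n = len(outcomes)
    counts = Counter(outcomes.values())
    keys = ("prevented", "detected_alerted", "detected_no_alert", "missed")
    pct = {k: round(100 * counts[k] / n) for k in keys}
    pct["infiltrated_undetected"] = pct["missed"]
    pct["alerted"] = pct["detected_alerted"]
    # Detected-but-silent tests point at events not reaching the SIEM.
    pct["siem_ingest_gap"] = pct["detected_no_alert"]
    return pct


def not_stopped_rate(tests, outcomes, technique):
    """Share of one technique's tests that were neither prevented nor detected."""
    ids = [t.test_id for t in tests if t.technique == technique]
    missed = sum(outcomes[i] == "missed" for i in ids)
    return round(100 * missed / len(ids)) if ids else None


if __name__ == "__main__":
    results = run_validation(TESTS)
    for tid, outcome in results.items():
        print(tid, outcome)
    print(summarize(results))
    for tech in ("recon", "detonation", "evasion"):
        print(tech, "not stopped:", not_stopped_rate(TESTS, results, tech), "%")
```

In a real deployment the two inputs would be pulled from the control's API and the SIEM's search API rather than embedded strings, and each test would carry a unique marker (here the test_id) so that its log entry and any resulting alert can be joined unambiguously. The useful number is not the prevention rate on its own but the size of the detected_no_alert bucket, which is the concrete measure of the SIEM ingestion and tuning problems the report lists.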
"Whether or not they realize it, organizations across all industries need to combat the alarming reality that is revealed in our Security Effectiveness Report," Key adds. "The only proven way to do that is through continuous validation of security controls against new and existing threats, with technology that automates the measurement of security effectiveness and provides data efficacy of measured outcomes. Our report provides guidance on how exactly to do that."
The full report is available from the FireEye site.