It seems that Advanced Persistent Threats (APTs) are the greatest concern for 614 US-based security experts, according to a recent survey by the Ponemon Institute.
In fact, here are the top listed threats respondents worry about:
- 67% advanced threats;
- 57% zero-day attacks; and
- 37% login attacks.
Only 24% of respondents rated their company’s overall effectiveness in detecting APTs as High. Despite these concerns, almost half said their existing detection techniques would not change in the next 12 months.
The report concluded that new solutions are needed due to a lack of confidence in existing security infrastructure to detect APTs.
Here are some key findings:
Of those surveyed, 59% said that spotting the difference between normal and abnormal behaviour was key to identifying potential intrusions, but only 38% said that their IT teams could determine normal – let alone abnormal – behaviour.
Respondents blamed insufficient or outdated threat intelligence for the failure to determine normal/abnormal behaviours. In fact, 52% cited these reasons when asked why their company failed to stop a security breach.
Those surveyed also talked about problems with existing threat detection technologies. Ticking all that applied, respondents answered as follows:
- 59% said that advanced threat technologies were difficult to deploy;
- 55% said that their company’s advanced threat detection process was too slow to produce actionable intelligence; and
- 53% said that their advanced threat detection did not integrate easily with other security solutions.
Interestingly, this survey uncovered that most companies would change how they prioritise alerts for investigation. 64% of respondents, for example, said they would like to have the alert severity assigned by device, be it the firewall, IPS, or DLP. However, only 34% of the respondents currently used this approach.
When it comes to existing defences, it is no surprise that 9 out of 10 respondents said they employed antimalware systems. 64% used identity and authentication systems and 59% used blacklisting tools to help safeguard their companies.
In terms of machine-generated intelligence solutions, almost three quarters of respondents said they wanted clear, concise and unambiguous reports to help them take immediate action, and wanted this intelligence to integrate with enabling technologies, such as SIEM and other network monitoring tools.
Want to hear more? Download the entire report: Ponemon Institute’s Advanced Threat Detection with Machine-Generated Intelligence.