Attivo Networks Blogs

CISOs Weigh In: Detection Across Attack Surfaces Is their Top Priority

Reading Time: 3 minutes  |  Published: June 12, 2020 in Blogs, Deception, EDR, Remote Work, Research

Authored by: Carolyn Crandall, Chief Deception Officer, Attivo Networks – Earlier this year, we worked with SINC to conduct a study on the state of cybersecurity in the United States today. The research focused on companies with over 1,000 employees and over $25 million in annual sales, and respondents were CISOs, CIOs, Cybersecurity Directors, and other high-level security executives within a wide range of industries such as legal, education, entertainment, and healthcare. Our goal was to learn about the highest priority concerns for these executives, how they prioritize and evaluate their activities, and what tools and resources they employ.

New Attack Methods Call for New Detection Tools

The study revealed that detection across a wide range of attack surfaces clearly remains a high priority for security executives, and cloud security continues to be top of mind. The reason for this—at least in part—is because of the shared nature of cloud security. It can often be a challenge to understand where the protections afforded by the cloud provider end and where the customer’s responsibility begins. The fact that many organizations now operate in a multi-cloud environment exacerbates this problem, necessitating a full understanding of each cloud provider’s often vastly different security procedures and processes. It is no surprise that as organizations move more business processes to the cloud, the primary concerns for security executives continue to be denial-of-service attacks and ransomware disruptions.

The primary security approach has long been IDS/IPS, and organizations continue to rely heavily on those tools. However, organizations are increasingly adopting EPP/EDR tools as they look for new ways to add detection coverage and explore multi-use security tools. Adding EDR to EPP will increase detection efficacy, but there will still be coverage gaps as attackers employ different attack vectors across multiple attack surfaces.

Organizations looking for more comprehensive detection are increasingly adding deception technology to their security stack. As attack methods have become more varied, cyber deception has emerged as the most effective way to quickly and efficiently detect the lateral movement of intruders across a wide range of attack surfaces and vectors. Deception has become an integral part of any comprehensive threat detection strategy, and the faster triage and response that it enables makes it a powerful complement to EPP/EDR, IPS/IDS, and other cloud security controls. SINC’s research indicated that security executives are highly focused on business continuity and service availability, prioritizing those solutions that can keep their operations running smoothly. Emphasis is placed on accurate detection, making a combination of reliable perimeter and in-network detection tools essential.

The New Normal, and What the Future Holds

It feels almost cliché to say at this point, but we are living in unprecedented times. The COVID-19 pandemic has forced millions of workers around the world to operate remotely, and security managers have had to adapt rapidly to cover a growing number of endpoints, credentials, and cloud environments. As organizations continue to adjust to this new normal, securing the remote communication channels (VPNs) that enable this shift to remote work will continue to be a high priority for security teams well into the future. Similar emphasis will likely be placed on cloud security, as well as identifying the new threat vectors likely to arise as cybercriminals look to exploit shared security models and this new way of working.

Where most see disaster, cybercriminals see opportunity—something made evident by the fact that even hospitals and pharmaceutical companies researching vaccines have not been immune from cyberattacks during the current pandemic. Although COVID-19 had been a significant disruption for almost every organization, security teams now have access to better tools than they have ever had before. It is more critical now than ever for security leaders to adjust their protection, detection, and recovery strategies to fortify their defenses as they settle into the new normal.

Download “The Cybersecurity Landscape” at https://go.attivonetworks.com/Cybersecurity-Landscape-Report-SINC_Registration.html.

No Comments

Post A Comment

seven + fourteen =