Users of deception technology report a 12X improvement in the average number of days it takes to detect attackers operating within an enterprise network.
New research for Attivo Networks carried out by Enterprise Management Associates suggests attacker dwell times can be as low as 5.5 days with deception in use compared to an average of 78 to 100 days for those not using the technology.
When respondents were asked to rank 12 security tools for detecting insider threats, 30 percent ranked deception technology, tied with next-generation endpoint security, as the most effective tool in detecting insider threats.
“Quantifying the return on investment of security controls can be extremely challenging and is often tied to overall breach metrics that can be heavily debated,” says Carolyn Crandall, chief deception officer and CMO of Attivo Networks. “This survey is particularly interesting in that it quantifies the specific value derived and the sentiment of deception technology users compared to non-users.”
The top five benefits of the technology are cited as faster incident response (13 percent), detection of basic and advanced threats regardless of techniques (12 percent), more actionable alerts (12 percent), intelligence on attacker movement techniques and targets (12 percent), and visibility to attack paths and credential vulnerabilities (12 percent).