New Research Finds Dramatic Shift in Security Budgets from Prevention to Detection Solutions
Study Conducted by Anderson Research Shows 49% Allocated to Detection, Now at Parity with Prevention
Fremont, CA., January 25, 2016— Attivo Networks®, the award-winning leader in deception for cybersecurity defense, today announced that a survey conducted by Anderson Research shows the portion of security budgets targeted for detection solutions increased substantially over 2015. According to those security professionals surveyed, their current budgets have shifted and are now split evenly between detection and prevention solutions. The report, sponsored by Attivo Networks, was conducted last quarter among security professionals from over seven industry sectors throughout the U.S. According to industry estimates, enterprises have historically spent more than 75% of their InfoSec technology budgets on preventative technologies.
Nearly 80 percent (73.1%) of those surveyed feel they are at risk of a security breach and only half (51.9%) feel their security defenses are reliably stopping threats from getting into their networks. Three quarters (70.3%) are more concerned about in-network threat detection than in 2015. These numbers validate that organizations are adopting an “assumed breached” security posture and are now looking to modernize their security infrastructure with tools that provide accurate in-network threat visibility and will improve their efficiency in post infection detection and response.
Detecting in-network threats can be challenging because of limited visibility, the complexity and resource intensity of correlating attack information and incident response. Alert fatigue is also common challenge driven by many detection solutions generating more alerts than security teams can address. The most common cited issues were:
- Limited resources to respond. In fact, 65.2% indicated they agreed (42%) or strongly agreed (23.2%) with this.
- Correlating attack information and activity accurately is too resource intensive (59.2%)
- Too many false positives (52.2%)
- Lack of visibility to threats inside their network (54.5%)
According to the survey, key motivators for shifting budget to detection solutions include early visibility to in-network threats or misconfigurations that could lead to a breach (68.5%); followed by automated attack correlation for resource efficiency (55.1%), automated blocking and quarantine of attacks of accelerated incident response (42.7%), and the elimination of false positives for accuracy and incident response efficiency (42.1%).
The survey went on to explore the challenges faced by organizations implementing detection as a security solution, which included more logs and data to manage (63.4%), the number of false positives generated (48.3%), lack of trained resources (46.5%), too complex or time consuming to manage (39.5%), more tools to manage (34.3%) and lack of budget (33.1%).
The concept of deception-based threat detection was introduced in the survey and of the respondents looking for new detection solutions, 60% agree, 11% strongly agreed, that they would consider deception-based detection for in-network threats.
According to Gartner in Applying Deception Technologies and Techniques to Improve Threat Detection and Response, “many organizations can benefit from implementing deception technologies and techniques. Although it is not a requirement from any significant compliance mandate, deception is a valid approach to complement a security architecture and to address some of the shortcomings of other security solutions.”
“Increasing the size of detection budgets is a critical change in the security planning process,” said Tushar Kothari, CEO of Attivo Networks. “There have been too many breaches in the past to suggest that prevention tools alone can protect organizations. With advanced detection technologies like deception, the prior complexity and resource intensity challenges of in-network treat detection are elegantly solved. It’s exciting to see so much interest in deception among those who were surveyed.”
The survey respondents represented a wide spectrum of industries including financial services, healthcare, telecom, retail, manufacturing, hospitality and education. A third were from companies with more than 50,000 employees (30.5%) and two thirds (66.3%) from companies with more than $100 million in revenue.
About Attivo Networks
Attivo Networks® is the leader in deception technology for real-time detection, analysis, and accelerated response to cyber-attacks. The Attivo ThreatMatrix™ Deception and Response Platform accurately detects advanced in-network threats and provides scalable continuous threat management for user networks, data centers, cloud, IoT, ICS-SCADA, and POS environments. Attivo Camouflage dynamic deception techniques and decoys efficiently lure and deceive attackers into revealing themselves while attack path and lateral movement tracking provide accurate visibility to advanced, credential, ransomware, and insider threats that have evaded prevention systems. The solution’s automated attack analysis and forensic reporting provides evidence-based alerts, and auto-blocking and quarantine of attacks for accelerated incident response. For more information, visit www.attivonetworks.com
Follow Attivo Networks: Twitter and LinkedIn
415-963-4082 ext. 101