Sponsored by Raytheon. Don t Wait: The Evolution of Proactive Threat Hunting Executive Summary

Similar documents
The Cost of Denial-of-Services Attacks

Reducing Cybersecurity Costs & Risk through Automation Technologies

Uncovering the Risk of SAP Cyber Breaches

The Third Annual Study on the Cyber Resilient Organization

Big Data Cybersecurity Analytics Research Report Sponsored by Cloudera

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

2016 State of Cybersecurity in Small & Medium-Sized Businesses (SMB)

Security in India: Enabling a New Connected Era

CYBER RESILIENCE & INCIDENT RESPONSE

KEY FINDINGS INTERACTIVE GUIDE. Uncovering Hidden Threats within Encrypted Traffic

Incident Response Services to Help You Prepare for and Quickly Respond to Security Incidents

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Future State of IT Security A Survey of IT Security Executives

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Managed Enterprise Phishing Protection. Comprehensive protection delivered 24/7 by anti-phishing experts

Evolving the Security Strategy for Growth. Eric Schlesinger Global Director and CISO Polaris Alpha

Data Protection Risks & Regulations in the Global Economy

The Cyber Resilient Organisation in the United Kingdom: Learning to Thrive against Threats

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Third Annual Study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Best Practices in Securing a Multicloud World

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

HOSTED SECURITY SERVICES

Vulnerability Management Trends In APAC

Ponemon Institute s 2018 Cost of a Data Breach Study

National Survey on Data Center Outages

2015 VORMETRIC INSIDER THREAT REPORT

GLOBAL ENCRYPTION TRENDS STUDY

2016 Nationwide Cyber Security Review: Summary Report. Nationwide Cyber Security Review: Summary Report

GLOBAL PKI TRENDS STUDY

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

The Evolving Role of CISOs

Combating Cyber Risk in the Supply Chain

Security-as-a-Service: The Future of Security Management

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

DIGITAL TRUST Making digital work by making digital secure

CROWDSTRIKE FALCON FOR THE PUBLIC SECTOR

BUILDING AND MAINTAINING SOC

AKAMAI CLOUD SECURITY SOLUTIONS

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

RSA NetWitness Suite Respond in Minutes, Not Months

The State of Cybersecurity in Healthcare Organizations in 2016

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB)

with Advanced Protection

GLOBAL ENCRYPTION TRENDS STUDY

TRUE SECURITY-AS-A-SERVICE

FOR FINANCIAL SERVICES ORGANIZATIONS

locuz.com SOC Services

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

THREAT HUNTING REPORT

What It Takes to be a CISO in 2017

CYBERSECURITY RESILIENCE

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

ASSESSING THE CYBER READINESS. of the Middle East s Oil and Gas Sector.

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

Securing the Internet of Things (IoT) at the U.S. Department of Veterans Affairs

Six Weeks to Security Operations The AMP Story. Mike Byrne Cyber Security AMP

Managed Endpoint Defense

Are you safe? Your business growth strategies are at the heart of the cyber risks your organization faces

DIGITAL TRANSFORMATION IN FINANCIAL SERVICES

to Enhance Your Cyber Security Needs

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

Continuous protection to reduce risk and maintain production availability

ForeScout Extended Module for Splunk

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

The State of Cybersecurity and Digital Trust 2016

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

WHY LEGACY SECURITY ARCHITECTURES ARE INADEQUATE IN A MULTI-CLOUD WORLD

WHITEPAPER ATTIVO NETWORKS DECEPTION TECHNOLOGY FOR MERGERS AND ACQUISITIONS

Run the business. Not the risks.

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Big Data Analytics in Cyber Defense

Traditional Security Solutions Have Reached Their Limit

Are we breached? Deloitte's Cyber Threat Hunting

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

May the (IBM) X-Force Be With You

Case Study. Encode helps University of Aberdeen strengthen security and reduce false positives with advanced security intelligence platform

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Evolution of IT in the Finance Industry. Europe

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Protecting your next investment: The importance of cybersecurity due diligence

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Protecting organisations from the ever evolving Cyber Threat

Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness

NEXT GENERATION SECURITY OPERATIONS CENTER

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Securing a Dynamic Infrastructure. IT Virtualization new challenges

Mastering The Endpoint

CYBER SOLUTIONS & THREAT INTELLIGENCE

2018 MANAGED SECURITY SERVICE PROVIDER (MSSP): BENCHMARK SURVEY Insights That Inform Decision-Making for Retail Industry Outsourcing

Transcription:

Don t Wait: The Evolution of Proactive Threat Hunting Executive Summary Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: June 2016 Connect with us: #DontWaitHunt Ponemon Institute Research Report

Part 1. Executive Summary Don t Wait: The Evolution of Proactive Threat Hunting Ponemon Institute, June 2016 The purpose of Don t Wait: The Evolution of Proactive Threat Hunting survey, sponsored by Raytheon, is to examine how organizations are deploying managed security services to strengthen their security posture. The research also looks at the critical success factors, barriers and challenges to having a successful relationship with managed security services providers. We surveyed 1,784 chief information security officers and other senior IT security leaders in North America, Europe, Middle East and Asia Pacific 1 who are familiar with their organizations managed security service practices. Managed security services providers (MSSPs) are engaged by organizations to manage and strengthen its IT environment s security by providing services including security information and event management (SIEM), network security management (NSM), endpoint detection and response (EDR), incident response, forensics and more. Security tools such as anti-virus, firewalls, intrusion detection and sandbox technologies, are built upon the assumption that attackers adhere to a known set of tools and tactics. Today, while a majority of MSSPs focus on these traditional, reactive tools, some provide more advanced, proactive services. Proactive threat hunting services can effectively find sophisticated and damaging threats, including previously undetected attacks, and stop them before businesses suffer damage. In this study, 56 percent of respondents use an MSSP and 22 percent say they plan to engage an MSSP in the future. The Key Findings section of the full version of this report provides analysis of the 56 percent who are engaged with a provider. In many cases, it is a serious security incident such as a data breach that motivates companies to engage an MSSP to strengthen their security posture. A key takeaway is that organizations using MSSPs understand the primary benefits of leveraging external expertise. Eighty percent view MSS as essential, very important or important to their overall IT security strategy. Figure 1 shows the primary reasons to have an MSSP is to improve security posture (59 percent). This is followed closely by the need to reduce the challenge of recruiting and retaining necessary talent (58 percent) and the lack of in-house security technologies (57 percent). The following are the seven most salient research findings. Figure 1. Main reasons organizations use MSSPs Improves our organization s security posture Challenge of recruiting/retaining necessary expertise Lack of in-house technologies 1. MSSPs help companies achieve a stronger security posture. With evolving cyber threats, organizations face the critical challenge of lack of expertise, personnel and resources. MSSPs are seen as filling these gaps to improve their security. 59% 58% 57% 0% 20% 40% 60% 80% 1 The countries represented in these regions are: United States, Canada, United Kingdom, Denmark, France, Germany, Netherlands, Brunei, Kuwait, Saudi Arabia, Oman, Qatar, UAE, India, Australia, Japan, Singapore and South Korea. Ponemon Institute : Research Report Page 1

Many organizations worldwide still typically wait until after a breach before the money is allocated to engage an MSSP. Two-thirds of organizations not currently using an MSSP say that the top trigger would be a significant data loss resulting from an IT security incident. A breach would confirm that the organization s risk of compromise is high, so it becomes a priority. 2. A shift from reactive services to proactive services offered by providers and demanded by organizations is occurring but still in early stages. The lack of proactive threat hunting services could be contributing to the daily barrage of media headlines about data breaches in organizations worldwide. It highlights a need for organizations to be doing more to protect their networks from the most insidious threats. Currently, MSSPs offer cybersecurity assessment (39 percent), integration services (31 percent) and digital forensics and incident response (DFIR) engineering and/or assessment (28 percent). Only 16 percent say their MSS offers proactive threat hunting to find advanced threats based on behaviors and anomalies. 3. Interoperability with security intelligence tools such as SIEM is essential or very important. When asked what characteristics of MSSPs are essential or very important, the number one feature is high interoperability with the company s security intelligence tools such as SIEM (73 percent). Also critical are speedy deployment (65 percent), round-the-clock threat monitoring and management (63 percent), a tried and tested service offering (62 percent) and scalability of services (61 percent). Not as critical are compliance with data protection requirements (52 percent) or indemnification for service failures (36 percent). Whether organizations use MSSPs or not, interoperability/integration between MSSP and customer is top priority. Those currently not using one say it is difficult to find MSSPs that would support or integrate with our systems and requirements. Fifty-three percent list difficulty finding vendors strong in interoperability as the reason they choose not to outsource. 4. MSSPs provide insights about security events and a better understanding of the external threat environment. Sixty-five percent of respondents believe their MSSP leverages insight gained from monitoring a large number of security events from a global customer base and 53 percent say the MSSP helps to better understand the external threat environment through the collection and analysis of information on attackers, methods and motives. More than half (51 percent) say it effectively mitigates the risks after they are identified. 5. MSSPs have identified existing software vulnerabilities that are more than three months old. Fifty-four percent of respondents say their MSSPs identified exploits of existing software vulnerabilities greater than three months old, and 45 percent say exploits of existing software vulnerabilities less than three months old have been discovered. They also revealed Web-borne malware attacks (51 percent). New threats are often going undetected because typical providers are not actively identifying new threats but importing threats identified by industry into their toolsets. 6. Responsibility for relationships with MSSPs is shifting. Fifty-nine percent say responsibility for the MSSP is shifting from IT to the lines of business. Today, however, the IT (43 percent) or IT security professional (15 percent) owns their organizations relationships with MSSPs. This represents a trend that MSS services are not considered a commodity but a strategic element and competitive advantage companies can foster. One reason for this shift is in many organizations the CEO and board of directors now have a responsibility to the shareholders to ensure that companies are protected. 7. A lack of visibility into the outsourcer s IT security infrastructure is a barrier to successful outsourcing of security services. Fifty-one percent say a lack of visibility into the outsourcer s IT security infrastructure is the main hindrance to a successful approach to outsourcing. Other barriers are inconsistency with the organization s culture (49 percent) and turf or silo issues between the organization s IT security operations team and the outsourcer (46 percent). Ponemon Institute : Research Report Page 2

Even though the lion s share of information security leaders agree that MSS is an important part of their overall cybersecurity strategy, most of those are still focusing on basic commodities and ignoring proactive approaches such as threat hunting. Outsourcing to providers with highly trained experts will become a necessity as organizations mature their IT infrastructure and the MSSP partners improve technologies and approaches. The old adage of building higher walls has proven insufficient in the face of cyber threats that are more complex and sophisticated. The current, most-effective security concept is detect, isolate and eradicate through an in-house team, a managed security service provider, or a hybrid solution that includes both. Part 2. Conclusion The old cybersecurity concept of defend, detect and respond is insufficient in the face of today s sophisticated threats. The current, most-effective security concept is detect, isolate and eradicate through an in-house team or with a managed security service provider. Proactive threat hunting becomes a must for organizations as cyberthreats from cyber criminals, nation states and other malicious actors become more difficult to detect and deflect. The shift from reactive services to proactive service is occurring today. Even though the lion s share of information security leaders agree that MSS is an important part of their overall cybersecurity strategy, most of those are still focusing on commodity prevention-based services and ignoring proactive security. Organizations need to reverse their strategies if they are to remain competitive in today s global economy. The concern for many companies is whether an MSSP will work seamlessly with their current systems and whether their data will be safe. The strongest MSSP is solution agnostic, allowing the data to stay with the client, providing actionable reports, building historical perspectives, and proactively hunting for problems. Insufficient personnel and lack of in-house experts are the top challenges to a robust security posture. Organizations lacking adequate numbers of elite cyber professionals or staffs with the skills the company needs can turn to managed security service providers. As the cost of these employees increases, it will become more challenging to retain talent. A model is needed that supports this and grows staff as needed. Savvy organizations choose vendors able to offer proactive threat hunting that scales with this growth. To meet organizational challenges of keeping up with the latest technologies, accessing elite talent and staying ahead of emerging cyberthreats, a strong managed security service provider can serve as a trusted partner focused on meeting each customer s unique needs. Savvy information security leaders don t wait until their organization has become a victim. Part 3. Recommendations Information security leaders worldwide in all organization sizes and industries can take steps to understand how proactive threat hunting and traditional managed security services can help them achieve organizational objectives and reduce risk. Identify the organization s specific needs and requirements and what can and should be done in-house or by outsourcing Evaluate information security staff skill sets and team size Consider the value added by commodity services against proactive threat hunting to find and mitigate the sophisticated and damaging threats in today s rapidly evolving landscape Evaluate the current vendor, if any, based on the following criteria: o Ability to do proactive hunting of malware and other advanced threats Ponemon Institute : Research Report Page 3

o Willingness to work with any new or existing technologies (product agnostic) o Ability to scale services with the growth of the organization Ensure a new or current vendor can advise on the best solutions that fulfill their needs and requirements Part 4. Methods A sampling frame of 51,712 IT security practitioners in North America, Europe, Middle East and Asia Pacific were selected to participate in this survey. To ensure reliability, the selected participants are familiar with their organizations managed security services. Table 2 shows 1,967 total returns. Screening and reliability checks required the removal of 183 surveys. Our final sample consisted of 1,784 surveys or a 3.4 percent response. Table 2. Sample response Freq Pct% Sampling frame 51,712 100.0% Total returns 1,967 3.8% Rejected or screened surveys 183 0.4% Final sample 1,784 3.4% Pie Chart 1 reports the industry classification of respondents organizations. This chart identifies financial services (17 percent) as the largest segment, followed by industrial/manufacturing (12 percent) and government sector (12 percent). Pie Chart 1. Primary industry focus 6% 6% 5% 9% 3% 3% 2% 2% 4% 9% 10% 17% 12% 12% Financial services Industrial/manufacturing Government Services Health & pharmaceutical Retail Energy & utilities Technology & software Consumer products Hospitality Communications Transportation Entertainment & media Other Ponemon Institute : Research Report Page 4

Pie Chart 2 shows 70 percent of respondents are from organizations with a global headcount of more than 1,000 employees. Pie Chart 2. Global employee headcount 6% 9% 13% Less than 500 21% 500 to 1,000 1,001 to 5,000 5,001 to 25,000 22% 25,001 to 75,000 More than 75,000 28% Part 6. Caveats to this study There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most Web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of IT security practitioners who are familiar with their organizations managed security services. We also acknowledge that the results may be biased by external events such as media coverage. Finally, because we used a Web-based collection method, it is possible that non-web responses by mailed survey or telephone call would result in a different pattern of findings. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide accurate responses. Please contact research@ponemon.org or call us at 800.877.3118 if you have any questions. Ponemon Institute : Research Report Page 5

Ponemon Institute Advancing Responsible Information Management Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions. Copyright 2016, Raytheon Company, Ponemon Institute, LLC. All rights reserved. No parts of this material may be reproduced in any form without the written permission of Raytheon or the Ponemon Institute, LLC. Permission has been obtained from the copyright co-owner, Raytheon to publish this reproduction, which is the same in all material respects, as the original unless approved as changed. No parts of this document may be reproduced, stored in any retrieval system, or transmitted in any form, or by any means electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of Raytheon or the Ponemon Institute, LLC. This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations. Cleared for public release. Ref# E16-6SP5 Ponemon Institute : Research Report Page 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback