Page 6 - Cyber Defense eMagazine - May 2018
As cybercriminals and threat developers shift to more sophisticated and complex
threats, such as unknown malware or fileless attacks, to evade traditional solutions,
companies have started adding layers of protection that supplement the standard
endpoint protection platform (EPP). However, even if stacking additional solutions such
as endpoint detection and response (EDR) brings stronger security, CISOs still struggle
to manage multiple platforms, chase down false alerts and grow their security teams
while keeping costs down.
A Bitdefender survey of large companies in the US and Europe shows that most CISOs
have difficulty deploying and maintaining complex endpoint security architectures.
Seventy-two percent of information security professionals admitted that their IT team
experienced agent and alert fatigue, and 34 percent of US respondents said their
budget could not accommodate infrastructure expansion.
While some companies have started taking steps to defend against advanced attacks
by building security operations centers (SOCs), many still have no internal structure to
deal with modern threats. Where no SOC is in place, CISOs report a range of gaps:
64 percent of American respondents in companies without a SOC said monitoring
activity is one of their toughest challenges.
On top of that, in terms of manpower and time consumption, managing EDR tools is
described as difficult or very difficult by half of IT executives. Fifteen percent of US CISOs
said deploying these technologies is very difficult. Some security professionals who run
both protection and detection-and-response tooling say the combination is too noisy.
In fact, Bitdefender research found that, of all endpoint alerts triggered by monitoring
and response technologies and handled by American security teams, 49 percent are
false alarms.
CISOS ARE RUNNING WITH TIED LEGS
Companies that use an EDR solution have acknowledged that a cyberattack can occur
at any time, and that protection platforms can only address about 99 percent of the
threats in the wild. EDR tools focus on the remaining one percent, allowing for much
greater fidelity in incident investigations. On average, 82 percent of security
professionals in Europe and the US say that reaction time is a key differentiator in
mitigating cyberattacks. Across the globe, CISOs point out that time is of the essence
mainly when isolating the incident to prevent it from spreading (68%), identifying how
the breach occurred (55%), and evaluating losses and the impact of the breach (51%).
A delayed response to a cyber incident can also make it harder to accurately identify
the initial time of the attack and establish its timeframe (30%), understand the
motivation behind the cyberattack (19%), or improve the incident response plan for
future attempts (17%).
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.