US CISO Conundrum: Multiple Solutions Harden Posture but Create Agent and Alert Fatigue

April 2018


Bitdefender survey shows right-sized EDR, not a SOC, is what is needed to address security gaps

Bitdefender, a leading global cybersecurity technology company protecting 500 million users worldwide, today announced the results of its latest survey, showing that more than half of CISOs worldwide (61 percent in the US) are worried about a global skills shortage. Sixty-nine percent of respondents around the globe also reported that their team is under-resourced, and in every market except Italy more than half of respondents said their IT security team is too small. Seventy-two percent of information security professionals admitted that their IT team experiences agent and alert fatigue, and 34 percent of US respondents said their budget could not accommodate infrastructure expansion.

The Bitdefender survey explores CISOs’ needs in the prevention-detection-response-investigation era and reveals how the lack of visibility, speed, and personnel affects the development of stronger security practices in companies with both over-burdened and under-resourced IT teams. The survey polled 1,050 people responsible for purchasing IT security within companies in the US and Europe.

Half of the CISOs surveyed worldwide admitted their company was breached in the past year, but one sixth of those respondents do not know how the breach occurred. Fifty-five percent of US respondents had experienced an advanced attack or malware outbreak. One quarter of all respondents expect this to continue, and think their company is likely to face an ongoing security breach without knowing it. Using their existing security tools, US CISOs believe 61 percent of advanced attacks can be prevented, detected, and isolated, but anticipate that detecting such an attack would take four weeks, the longest average of any market surveyed.

With the global cost of cybersecurity breaches expected to reach $6 trillion by 2021, according to Cybersecurity Ventures, analysts have seen companies’ security spending start migrating from prevention-only approaches to focus more on detection and response. Gartner expects that spending on enhancing endpoint detection and response (EDR) capabilities will become a key priority for security buyers through 2020.

Better tools needed for rapid detection and response

CISOs agree that prevention alone is not enough, but investigation is a burden. EDR capabilities can provide improved detection and response to frequent security incidents, and automation can help offset the global shortage of cybersecurity professionals. Specifically, EDR tools best fit resource-strapped businesses with lean IT teams that operate without a Security Operations Center (SOC). However, half of IT executives worldwide said that managing EDR tools is difficult or very difficult. In both the US and UK, 49 percent of all endpoint alerts triggered by monitoring and response tooling turned out to be false alarms. Sixty-four percent of US respondents at companies with no SOC said monitoring activities are one of their toughest challenges. Spotting an ongoing breach also means fighting the alert fatigue caused by noisy traditional security solutions. Filtering security alerts is a race against time, which is especially hard when the organization is understaffed and overburdened. Forty-three percent of US respondents, and one third of respondents across all markets, said that a lack of proper security tools is the main obstacle to rapid detection and response during a cyberattack.

Time is of the Essence

On average, 82 percent of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks. CISOs attest that time is of the essence when isolating the incident to prevent spread (68 percent), identifying how the breach occurred (55 percent), and evaluating losses and the impact of the breach (51 percent). CISOs also agree that a delayed response to a cyber incident makes it harder to accurately identify the initial time of attack and establish the timeframe (30 percent), understand the motivation for the cyberattack (19 percent), or improve the incident response plan for future attempts (17 percent).

“Today’s resource- and skill-constrained IT security teams need an endpoint detection and response (EDR) approach that allows for less human intervention and a higher level of fidelity in incident investigations,” Bitdefender’s VP of Enterprise Solutions Harish Agastya said. “EDR for everyone can be achieved through a funnel-based approach of prevention-detection-investigation-response, leaving the EDR layer to focus on threats further down the funnel in the unknown or potential threat category, and IT teams to focus solely on the alerts and tasks that are truly significant.”

Bitdefender security specialists strongly advise enterprise CISOs to consider the importance and value of an integrated prevent-detect-investigate-respond-evolve approach to endpoint security:

  • Prevent: block all known bad and a high percentage of unknown bad automatically at the pre-execution and on-execution layers, without manual intervention
  • Detect: gain early visibility into suspicious events that could lead to an attack, through built-in intelligence from the threat protection engines and analysis of the stream of behavioral events from an endpoint event recorder
  • Investigate: aided by root cause and contextually relevant information on the class of threat detected (via the built-in intelligence), the reason for detection (via threat analytics), and the ultimate verdict (via an integrated sandbox)
  • Respond: via an intuitive incident response interface that enables remedial actions immediately and widely across the enterprise, without requiring deep expertise
  • Evolve: close the feedback loop from current detection to future prevention via in-place policy tuning and fortification

Methodology

The survey, conducted in February-March 2018 by Censuswide for Bitdefender, included 1,050 professionals responsible for purchasing IT security at large enterprises with 1,000+ PCs and data centers, based in the US and Europe. 250 respondents are from the United States, 154 from Germany, 150 each from the UK, France, and Italy, 101 from Denmark, and 100 from Sweden. Some 69 percent of all respondents are male, and more than a third are aged 35 to 44.

More than 90 percent of the organizations surveyed in the US and Europe have over 500 employees, covering industry sectors such as IT and Telecoms (38 percent), Manufacturing and Utilities (14 percent), Finance (12 percent), Professional Services (10 percent) and Retail (7 percent), among others.