Network and Endpoint Security Still a Challenge for Small and Mid-market Companies
This post was last updated on September 6th, 2019 at 12:09 pm
Knowledge is power, and for the small and mid-market, knowing what threats and vulnerabilities are lurking within your network environment is key. To do this effectively, one cannot simply rely on defensive measures — firewalls, AV software, and other network security and endpoint security tools — without a proactive component.
Regardless of what cybersecurity framework you subscribe to, we can all agree: there is no silver bullet — no cybersecurity solution prevents 100% of attacks. In order to hunt, detect, and respond to the small percentage of cyber threats you don’t know exist, it’s important to go looking for them.
Why Proactive Cybersecurity is Important
As cyber attackers and techniques evolve, “threats” don’t appear malicious when they penetrate your perimeter security solutions. Some advanced threats can be designed to bypass your endpoint security tools, including endpoint detection and response (EDR) platforms, user and entity behavior analysis (UEBA) platforms, and next-gen antivirus tools. As a result, these threats remain unnoticed, lurking inside your IT environment where they wait, learn, explore, and eventually do damage.
At Infocyte, we arm security teams and partners — managed service providers (MSPs) and managed security service providers (MSSPs) — with actionable insights and deep threat intelligence related to the incidents and vulnerabilities that have bypassed defensive/perimeter controls, helping you contain threats faster and with greater accuracy.
Our Mid-market Threat and Incident Response Report
We’re pleased to bring you our first Mid-Market Threat and Incident Response report through Q2 of 2019. This report is based on Infocyte’s and our partners’ inspections of nearly 600,000 systems across hundreds of customer networks within the mid-enterprise business sector.
As part of these inspections, which occurred over a 90-day period from April to June 2019, we performed analysis on over 12.4 million unique files and 44,800 fileless in-memory injections, found in whitelisted/approved applications. We reviewed 33,900+ accounts and associated behavioral logs for malicious activity, and evaluated 161,000+ unique applications for possible threats and vulnerabilities.
What did we find? Quite a lot, actually. Despite the fact that the owners of these systems all had defensive cyber protections in place, many with endpoint security tools, a wide range of threats made it onto their systems—and some lived there for years before we exposed them.
Notable Report Findings
- Of the networks assessed using Infocyte HUNT, 22% had encountered a ransomware attack that successfully executed despite endpoint security tools, advanced firewalls, and other preventative and defensive controls. Ransomware attacks can cost organizations millions of dollars in lost or delayed revenue and restoration efforts.
- Average dwell time for all persistent threats (non-riskware) is 798 days — more than two years for a persistent threat to remain in a network and no one was aware until Infocyte or one of our partners was called to perform a cybersecurity compromise assessment.
- Roughly 6% of the threats found were completely memory resident (fileless) making them among the most advanced threats we discovered. Data provided in our report helps characterize where we’re finding these threats and will benefit threat hunters and incident responders tasked with finding and addressing threats in volatile memory. Hopefully this data also will increase the practice of this type of analysis during proactive hunts and investigations.
- 31.6% of the threats found were validated as malicious using multiple threat intelligence sources or indicators/signatures. However, 4.6% of threats were completely unknown to the threat intelligence community and had no reputation or threat intel matches, but were identified using our product in a proactive threat hunting capacity.
And there’s much more… This data underscores the fact that preventative security measures — while widely adopted — are not sufficient today. Determined adversaries are going to find a way in and many will go undetected — possibly for years — unless you specifically go hunt for them.
With this report, and those we plan to complete in the future, Infocyte is sharing where we have found threats, what we know about them, and how to hunt for them in your own environment. We’re also sharing what companies can do to lower their risk of a successful cyber attack.
Download our Mid-market Threat and Incident Response Report today and increase your awareness of the potential threats and vulnerabilities hiding inside your IT environment.