SURVEY RESULTS

2019 TOP THREAT DETECTION TRENDS SURVEY


www.attivonetworks.com Survey Results 2

CONTENTS

EXECUTIVE SUMMARY 3

THE SURVEY RESULTS 6

TYPES OF ATTACKS CYBER DEFENDERS ARE MOST CONCERNED ABOUT 6

TOP ATTACK CONCERNS BY VERTICAL 7

Key Insights 7

WHICH ATTACK SURFACES PRESENT THE GREATEST THREAT 8

Key Insights 8

DETECTION CONTROLS THREAT ACTORS ARE MOST CONCERNED ABOUT 9

Key Insights 10

HOW OFTEN ARE CYBERATTACKERS EXPECTING DECEPTION TECHNOLOGY 11

Key Insights 12

ARE DWELL TIMES HEALTHY AND ARE THEY IMPROVING? 13

Key Insights 13

MEAN-TIME-TO-DETECTION 14

Key Insights 14

AVERAGE TIME TO DETECT LATERAL MOVEMENT 15

Key Insights 15

AVERAGE TIME TO IDENTIFY THE SOURCE OF AN ATTACK 16

Key Insights 16

WHAT SECURITY FRAMEWORK DO YOU USE? 17

Key Insights 17

CONCLUSION 18

PARTICIPANT CHARACTERISTICS 19

REGION 19

PARTICIPANT TITLE 19

PARTICIPANT INDUSTRY - TOP 10 19

PARTICIPANT ORGANIZATION SIZE 19


EXECUTIVE SUMMARY

Throughout 2019, Attivo Networks conducted worldwide research to capture top trends related to cybersecurity threat detection. The company surveyed 1,249 security professionals with participants in North America, Europe, and Australia, representing predominantly midsize and large firms across 15 different industry sectors.

The survey consisted of ten questions related specifically to cybersecurity threat detection, several of which we asked of a similar audience in 2018, which allowed for a year-over-year comparison of shifting cybersecurity and threat detection concerns. The report highlights the themes and observations we made across four key areas of detection and includes questions related to types of attacks, attack surfaces, detection and response times, as well as detection tools and resources. We gathered the insights from this survey at security-focused regional events and national tradeshows.

The purpose of this report is to provide a trending benchmark related to security threats and build upon the research collected during a prior survey in 2018.

KEY FINDINGS

DWELL TIME

As an industry, we did not recognize improvements in reducing attacker dwell time, the time it takes to detect an attacker once they have infected the network. When asked whether 100 days was representative of dwell time in their organization, responses remained relatively consistent with last year’s results, with nearly two-thirds (64%) of respondents answering that 100 days of dwell time sounded about right or was too low (compared to 61% last year). When asked about whether companies were seeing improvement, only a moderate number of responses indicated improving times, with 32% of respondents reporting a decrease, which represented a minor 1% gain. The number of respondents indicating an increase in dwell times was 28%, a drop of 4%, and those who saw no change were at 18%, a decline of 5%. Compared to last year, the highest jump in responses – and an alarming trend – came from the 22% who stated that they were not tracking dwell time statistics. Up 7% from last year, this highlights a continued need for more efficient tools to detect and track in-network threat activity.


TOP ATTACKS OF CONCERN TO DEFENDERS

Despite significant investments in prevention solutions, malware and ransomware activity continued to top the list of attacks that concerned defenders. This category jumped up 5% to 66% from last year and remained the top concern, demonstrating that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop them. Phishing and Social Engineering remains the second-highest concern, growing 6% to 64%. Credential theft decreased 6% to 46%, and targeted attacks went down 5% to 45%, likely attributable to the use of credential-based deception solutions. DDOS increased 4% to 31%, MitM/Session hijacking remained a steady challenge at 15%, and Crypto-mining dropped 5% to 15%.

TOP ATTACK SURFACES

When asked about attack surfaces that create the most significant concerns, User Networks and Endpoints took the number one spot, with 65% of respondents naming it as the attack surface that concerned them most. This category also had the highest increase as an attack surface with an 11% jump from last year’s 54%. Cloud still maintained a strong second position at 63% with only a minor 1% increase from last year. Datacenters and Remote or Branch offices took 3rd place at 35% each with drops of 1% and 6%, respectively. In comparison, one quarter chose Network or Telecom and Specialized environments (a 10% drop from last year’s 35%). With the dramatic change in the number of people that have moved to remote working in 2020 in response to the coronavirus pandemic, we expect to see a significant rise in concerns related to remote worker risk in future research. This impact of remote working might also show up in the increased concerns related to endpoints, cloud operations, VPN, and SaaS security.

SECURITY CONTROLS THAT CONCERN ATTACKERS

When asked which security controls respondents believed attackers were wary of, no single detection control garnered a majority. This result appears to indicate a belief in the need for a layered defense and a mix of both legacy and modern detection tools that can play complementary roles to each other. Participants believe that the detection controls that most concern threat actors are deception (40%), next-generation firewalls (also at 40%), and Traffic Analysis (44%). These results would indicate that respondents view NGF and Traffic Analysis as effective at detecting and stopping known threats from the outside. At the same time, they believe that deception (40%) is what attackers think can best detect and derail their in-network activity. This high rating for deception could also be attributable to the effect they feel from more advanced platforms that can significantly impact their attacks with the ability to alter the results delivered to their automated tools. By hiding real assets and providing results that appear genuine but are fake, the attackers can no longer trust their tools, which forces them to slow down and incur increased attack costs.


LATERAL MOVEMENT DETECTION

On the subject of detecting lateral movement, 98% of respondents responded, with 41% answering that they could quickly detect lateral movement in a day or less, showing confidence in internal detection tools like deception technology. Around 25% of respondents felt that they could detect lateral movement anywhere from a day to a week, and 9% stated it takes them longer than a week. While the lower end of the time scale is still reasonable, the higher detection time lag can result in greater chances of attack success. Over one in four (27%) respondents cited they were unsure of how fast their organization could detect lateral movement, which one could attribute either to their inability to detect lateral movement, not tracking the metric, or lacking the means to. The lack of capability mostly arose amongst small businesses that found themselves merely responding to attacks and monitoring their case closure. The findings related to the time it took to identify the source of an attack were almost identical to the time it took to detect lateral movement.

SECURITY FRAMEWORKS

The survey also explored what Security Frameworks were being used to guide respondents’ organizations’ security strategies. Over three in four respondents were using some form of Security Framework, with most following the NIST Cybersecurity Framework (45% of responses) followed by the ISO 27000 family of standards (37%). One in four respondents stated they did not currently use any security framework. It is worth noting that several respondents wrote in the MITRE ATT&CK Framework as part of the “Other” category.


THE SURVEY RESULTS

The first polling questions captured the top concerns of organizations and determined if there were any variations by industry. The next section explored the top information security concerns related to finding and stopping attackers and identifying which technologies are impacting attackers. It also asked about shifts in time to detect and respond to incidents, as well as the security technologies used to affect this change.

After each question in the survey report, Attivo Networks has added key takeaways related specifically to detection technology and other anecdotal information collected at the events where we obtained the survey responses.

WHAT TYPES OF ATTACKS ARE CYBER DEFENDERS MOST CONCERNED ABOUT?

SAMPLE SIZE: 1233 (99%) NOTE: Respondents could select multiple options

Compared to last year’s data, malware and ransomware attacks jumped up 5% to 66% and remained the top concern, demonstrating that anti-virus, firewalls, and other prevention technologies still struggle to contain them. Phishing and Social Engineering (up 6% to 64%) also remained the second-highest concern, indicating that organizations understand the need to protect against attacks that can bypass defenses by targeting users directly. While both credential theft (down 6% to 46%) and targeted attacks (down 5% to 45%) lost a little ground, they remain highly ranked, indicating that respondents still worry about their ability to detect credential harvesting and misuse and detect threats where an attacker is using advanced techniques. DDOS (up 4% to 31%) and Other attacks (up 2% to 4%) saw a slight uptick, while MitM/Session hijacking remained steady at 15%, and Cryptomining dropped 5% to 15%.

When broken down by vertical, industries most sensitive to data loss or interruptions to normal operations cited malware and ransomware as concerns, namely Healthcare, SLED/Universities, Energy/Utilities/Manufacturing/Agriculture, and Legal/Professional Services. Interestingly, Financial Services was more concerned about Phishing/Social Engineering over Credential Theft and Malware/Ransomware, likely because of the amount of interaction the industry has with the public and the sensitivity it has to monetary fraud, which attackers usually perpetrate via social engineering.

TOP ATTACK CONCERNS BY VERTICAL

| Attack type | Energy/Utils, Mfg, Agri | Finl Serv | Gov’t, Fed | Health | Legal, Pro Serv | Tech | Retail/Hosp, Media/Entmt | SLED, Univ | Other |
|---|---|---|---|---|---|---|---|---|---|
| Credential Theft | 18% | 19% | 13% | 17% | 16% | 16% | 18% | 16% | 14% |
| Cryptomining | 4% | 5% | 6% | 5% | 5% | 6% | 4% | 2% | 6% |
| DDOS | 7% | 12% | 10% | 11% | 11% | 11% | 9% | 6% | 11% |
| Malware/Ransomware | 27% | 22% | 23% | 25% | 25% | 22% | 23% | 27% | 23% |
| MitM/Session Hijacking | 3% | 4% | 6% | 5% | 5% | 6% | 5% | 7% | 6% |
| Phishing/Social Engineering | 24% | 23% | 21% | 22% | 24% | 21% | 24% | 25% | 22% |
| Targeted attacks | 15% | 14% | 21% | 13% | 13% | 17% | 16% | 14% | 16% |
| Other attacks | 2% | 1% | 0% | 0% | 1% | 1% | 2% | 4% | 3% |
| Total Responses | 260 | 553 | 275 | 194 | 357 | 1164 | 217 | 152 | 316 |

Key Insights: Cyber hygiene remains a significant issue, and although organizations must stay vigilant in their training and education programs, they still need to do more to quickly and accurately detect human error, misconfigurations, or exposures from employees not maintaining and patching their system software. Organizations need to review the different attack vectors that attackers use to target their industries and map how their security controls are working to prevent a successful attack. Whether big or small, businesses need to make sure that they have built-in safety nets in place for when threat actors bypass their front-line defenses. Deception technology has become a preferred detection control for many security teams based on its comprehensive ability to detect across all attack vectors without relying on signatures, pattern matching, or database lookup. It is often deployed on the endpoint in conjunction with EDR solutions to augment detection based on credential theft, Active Directory reconnaissance, and other forms of lateral movement that an attacker will attempt from an infected endpoint. Deception is also now used commonly in environments where organizations cannot install traditional AV or where there is not a means to create and use logs for detection.


WHICH ATTACK SURFACES PRESENT THE GREATEST THREAT?

SAMPLE SIZE: 1229 (98%) NOTE: Respondents could select multiple options

User Networks and Endpoints garnered 65% of the responses (an 11% jump from last year’s 54%) to overtake Cloud as the number one attack surface presenting the most significant threat. Meanwhile, Cloud still maintained a strong presence at 63% (up 1% from last year). A little over one-third of respondents selected Datacenters and Remote or Branch offices at 35% each (a drop of 1% and 6%, respectively). In comparison, one quarter chose Network or Telecom and Specialized environments (a 10% drop from last year’s 35%).

Key Insights: The significant jump in respondents identifying User Networks and Endpoints as the attack surface concerning them most encompasses many factors, such as the number of successful endpoint attacks, the increased use of unknown or zero-day attacks, the rising cost per endpoint breach, and difficulties associated with false-positive rates and continued staffing challenges. The steady number of responses choosing Cloud results from the continued migration of companies to IaaS or SaaS services and concerns they have over securing these broad attack surfaces and shared security models.


WHAT DETECTION CONTROLS ARE THREAT ACTORS MOST CONCERNED ABOUT?

SAMPLE SIZE: 1217 (97%) NOTE: Respondents could select multiple options

While no single detection control garnered a majority, participants believe that the detection controls that most concern threat actors are deception (40%), next-generation firewalls (also at 40%), and Traffic Analysis (44%). These results would indicate respondents view NGF and Traffic Analysis as the most effective ways to detect and stop known threats from the outside. At the same time, they feel that deception (40%) fares well as it is the technology that attackers believe can best detect their in-network activity, regardless of the tactics, techniques, and procedures they use, or the attack surface and attack vector.

Respondents believed that attackers were concerned about IDS (39%) and SIEMs (37%), while only 27% felt that attackers would worry about EDR and NextGen AV — all well-established technologies. Likely the lower scores reflect an attacker’s access to documented bypass techniques and coverage gaps that they can exploit.

Respondents felt that attackers remain least concerned about IAM (22%) and UEBA (15%). Attackers can bypass IAM with the right set of stolen credentials, while UEBA has complexities and difficulties associated with deploying, configuring, operating, and establishing a baseline. The complex management often leads to coverage limitations or mistakes that attackers believe they can leverage in their favor.


Key Insights: Attackers are fully expecting that organizations are going to be monitoring their traffic and will have either next-gen firewalls or IDS systems in place. They have become quite savvy at understanding the weaknesses of these controls and working carefully to avoid being detected by them. According to respondents, attackers are, however, becoming increasingly concerned about cyber-deception. With modern advancements, they can no longer quickly identify the decoys, bait, and lures as they could with earlier-generation honeypots. Even when they are expecting deception, it is now so authentic that they do not realize they have engaged until it is too late, or sometimes not even at all. Defenders are leveraging these modern enhancements to quickly detect lateral movement with decoys, lures, bait, and other misdirections that feed false information and lead the attacker directly into a decoy environment. All the while, the attacker’s tools are gathering incorrect information that appears real, further throwing the attacker off-trail and negating their attack.

70% of deception users with a high level of familiarity with the technology rated their organizations as highly effective in detecting and responding to in-network attackers early in the attack cycle.

- EMA - Definitive Market Guide to Deception Technology August 2019


HOW OFTEN ARE CYBERATTACKERS EXPECTING DECEPTION TECHNOLOGY?

SAMPLE SIZE: 1234 (99%) NOTE: Respondents could only select a single option

When compared to last year’s data, fewer respondents felt unsure (a 7% drop to 12%) about whether or not attackers expected deception. There was a slight increase (up 2% to 41%) when aggregating the number of people who felt that attackers rarely to never expected to encounter deception. In situations where an attacker is not expecting deception, organizations can leverage the element of surprise with a basic deception strategy. However, with the share of organizations that felt attackers frequently or always anticipated deception increasing 7% to almost half (49%), those organizations can take advantage of the more modern deception offerings that provide greater authenticity with highly believable and real-looking deception assets. They can also deploy a wide variety of other deceptions, including bait, lures, misdirections, and decoy documents, to further confuse and disrupt even the suspecting adversary. Organizations need to increase their focus outside of their primary environments to protect their information and operations from attackers seeking new points of entry to compromise.


HOW OFTEN ARE CYBERATTACKERS EXPECTING DECEPTION TECHNOLOGY? – RESPONSES BY VERTICAL

| Vertical | Always | Frequently | Unsure | Rarely | Not at all | Total responses |
|---|---|---|---|---|---|---|
| Agriculture | 0% | 100% | 0% | 0% | 0% | 1 |
| Energy/Utilities | 5% | 25% | 20% | 45% | 5% | 20 |
| Federal | 27% | 30% | 8% | 32% | 2% | 96 |
| Financial Services | 16% | 29% | 15% | 38% | 2% | 172 |
| Government | 0% | 0% | 50% | 50% | 0% | 2 |
| Healthcare | 10% | 25% | 15% | 43% | 7% | 68 |
| Legal | 13% | 40% | 13% | 33% | 0% | 15 |
| Manufacturing | 13% | 29% | 8% | 47% | 3% | 76 |
| Media/Entertainment | 6% | 44% | 19% | 19% | 13% | 16 |
| Other | 20% | 29% | 9% | 36% | 6% | 111 |
| Professional Services | 13% | 31% | 18% | 32% | 6% | 114 |
| Retail/Hospitality | 16% | 31% | 30% | 8% | 15% | 61 |
| SLED | 12% | 35% | 30% | 5% | 18% | 60 |
| Technology | 16% | 33% | 38% | 4% | 9% | 420 |
| University | 0% | 0% | 50% | 50% | 0% | 2 |

Key Insights: More and more attackers are expecting deception in an enterprise’s network. Security assessment firms definitely expect to see it as they conduct their penetration or Red Team tests. This may have driven the increased number that stated that attackers expected deception in this year’s survey. Many attackers and Red Teams believe that they can identify a deception deployment, and depending on the vendors, this can be true. However, some of the most advanced deception solutions that provide a full fabric of deception make it exceptionally difficult for the attacker to move successfully from an endpoint, query Active Directory, or conduct other forms of reconnaissance without quickly triggering a detection alert. These solutions also fool HoneyPotBuster and other attacker tools into falling for the deception and consistently becoming prey. As the saying goes, deception technology has leveled the playing field, and the attacker now must also be right all of the time.


ARE DWELL TIMES HEALTHY AND ARE THEY IMPROVING?

SAMPLE SIZE: 927 (74%)

NOTE: This does not include the 21% of total respondents who answered: “Don’t Know.”

Responses about dwell times remained relatively consistent with last year’s results, with nearly two-thirds (64%) of respondents answering that 100 days of dwell time sounded about right or was too low (compared to 61% last year). Even though dwell times improved over the previous year, they still averaged about two to three months.

Key Insights: As a whole, the industry saw a reduction in dwell times. Part of this could stem from the rise in ransomware attacks, where the attackers want early discovery so victims can send payments faster. The fact that a majority of respondents indicated that 100 days sounded about right or was too low hints at a continued concern with detection capabilities lacking effectiveness in discovering attackers who’ve bypassed perimeter defenses. The improvements in dwell time statistics indicate that organizations are potentially getting better at detecting in-network attackers, or it could be due to the prevalence of ransomware attacks.

Roughly one-third of respondents indicated that 100 days was too high, showing confidence in their in-network detection tools. One such tool that effectively reduces dwell times is deception technology. The 2019 Enterprise Management Associates independent survey found that organizations that use deception technology reported reduced dwell times of around five days, in contrast to the over 60 days of dwell time that non-deception users reported, a 90% improvement. Coupled with users of deception technology reporting a twelvefold decrease in time to respond, one can see the value that deception can add to improving incident response.


WHAT’S THE STATUS OF YOUR MEAN-TIME-TO-DETECTION?

SAMPLE SIZE: 1071 (86% of Respondents) NOTE: Respondents could only select a single option

Compared to last year, the highest jump in responses came from those who were not tracking the mean-time-to-detection (up 7% to 22%), shifting the other answers downward. Other numbers stayed roughly consistent, with those reporting increased dwell times dropping 4% to 28%, those who saw no change dropping 5% to 18%, and those showing a decrease dropping 1% to 32%.

Key Insights: Although organizations are investing in security solutions, cybercriminals are still staying ahead in their ability to remain hidden within the network. In discussions with businesses, the challenges remain in the volume of alerts and data they receive. All too often, they either don’t have the staff to investigate, or individually, the alert simply looks benign. Organizations appear to be investing more in endpoint detection and response (EDR) solutions and also in deception-based endpoint protection technologies to detect attackers early and lock down these systems from lateral movement. The 2019 Enterprise Management Associates independent survey ranked deception as a #1 security control for its efficiency in detecting insider threats.


WHAT’S YOUR AVERAGE TIME TO DETECT LATERAL MOVEMENT?

SAMPLE SIZE: 1222 (98% of Respondents) NOTE: Respondents could only select a single option

Over 40% of respondents answered that they could quickly detect lateral movement in a day or less, showing confidence in internal detection tools like deception technology. Around three in ten respondents felt that they could detect lateral movement anywhere from a day to over a week. While the lower end of the time scale is still reasonable, the higher detection time lag can result in greater chances of attack success, as the attacker has more time to move around to subsequent hops before the initial discovery occurs. 27% of respondents were unsure of how fast their organization could detect lateral movement, which one could attribute either to an organization not tracking lateral movement detection, the lack of a capability to track that metric, or an inability to detect lateral movement.

Key Insights: Efficiently detecting lateral movement remains a significant challenge for organizations. Studies show that an attacker can break out from an endpoint in under 5 hours, making it critical to detect these threats early. Deception can detect lateral movement across all attack vectors and attack surfaces, making it highly effective in identifying when an attacker has bypassed other controls.

This ability can be extremely valuable for:

• closing detection gaps related to EDR
• providing enhanced security unique to cloud environments
• protecting remote worker VPNs
• delivering detection for IoT and ICS-SCADA environments where tracking logs is difficult or impossible
• providing a substantiated, actionable alert for the security team, regardless of their size or security posture


WHAT’S YOUR AVERAGE TIME TO IDENTIFY THE SOURCE OF AN ATTACK?

SAMPLE SIZE: 1208 (97% of Respondents) NOTE: Respondents could only select a single option

Similar to the previous question, over four in ten respondents answered that they could quickly identify the source of an attack in a day or less, showing confidence in internal investigation and forensic tools such as deception technology. Over one-third of respondents felt that they could identify the source of an attack from a day to over a week, while about one-quarter of respondents were unsure of how fast their organization could accomplish the same feat. Again, similar to the speed of detecting lateral movement, the faster one can pinpoint the source of an attack, the better the chances of defending against a breach.

Key Insights: Hand in hand with detecting an attack early, an organization must promptly triage it, find the indicators, and, if possible, identify the source of compromise. It also becomes critical to understand the TTPs of an attack so that remediation and restoration of operations can happen quickly. Identifying TTPs also aids in threat hunting to ensure the attacker is eradicated and cannot successfully return. Deception-based detection plays a prominent role in delivering company-centric threat intelligence for this purpose. The forensic evidence it gathers can also save valuable hours that organizations would typically spend in collecting and correlating data to substantiate the proof of an attack from an insider, supplier, or external threat actor. Unlike other detection controls that simply deflect an attack, deception also creates a safe environment to study an attacker and can automate the attack analysis for faster incident response. Native integrations can also automate isolation, blocking, and threat hunting, driving further efficiencies for defenders.


WHAT SECURITY FRAMEWORK DO YOU USE?

SAMPLE SIZE: 1039 (83%) NOTE: Respondents could select multiple options

Based on the sample size, over three in four respondents were using some form of Security Framework to guide their security strategy. The largest share of respondents stated that their organizations used the NIST Cybersecurity Framework (45% of responses), while over one-third followed the ISO 27000 family of standards (37%). Surprisingly, almost one in four respondents did not use any security framework. Note that while the survey did not explicitly mention the MITRE ATT&CK Framework, several responses included it as part of the “Other” category.

Key Insights: We continue to see an increase in organizations using Security Frameworks to assess their security posture and readiness. There has also been a significant interest in the MITRE ATT&CK Framework, which is helping organizations understand how an attacker is attacking and how well their security controls can respond throughout the attack lifecycle. It is worth noting that the NIST SP 800-53 rev 5 includes deception technology as part of the framework’s recommended controls. NIST also mentions deception as a control in SP 800-172 and SP 800-160. The Reserve Bank of India also published its Cyber Security Framework indicating deception technology as a recommended control.


CONCLUSION

Collectively, this global research points to continued demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors. Organizations are focused on endpoint and cloud attack surfaces as top security concerns because of the evolving architectures that they are implementing. There is a trend in continued investment in traditional detection tools that they feel have the most significant impact on attackers, such as Network Traffic Analysis, Next-gen Firewalls, and IDS. However, they also recognize the need for innovative solutions like Deception Technologies, which they acknowledge for its efficacy in detecting threats that bypass traditional defenses to infiltrate their networks.

Organizations are increasingly adopting security frameworks to evaluate their defenses, as the formalized structure guides them in developing a more robust security strategy. This evaluation leads them to revise their existing controls to address coverage gaps and adopt new technologies like deception that address their expanding attack surface and dissolving perimeter.

As attackers demonstrate more success in breaking past perimeter defenses, organizations are focusing on better in-network detection to counter the threat. Reducing dwell time has become an increased focus, as is adopting technologies that detect attackers inside the network early and accurately. While the industry has shown marked improvement in this area, organizations can do more to reduce it even further. A multilayered strategy of complementary security controls that include new solutions like deception technology can be one such approach.

BACKGROUND ON THE RESEARCH

Early and accurate threat detection of in-network attacks has become a top concern among organizations, both large and small. This survey aims to provide an understanding of top threat concerns and insight into how these are trending based on prior (2018 and 2019) surveys conducted in similar face-to-face fashion around the globe. Organizations can use this information to build proactive defenses and also glean insight into how they can use deception technology to reduce risk, detect attacks earlier, and improve operational efficiencies.


© 2020 Attivo Networks. All rights reserved. ANSR042020 www.attivonetworks.com 19


PARTICIPANT CHARACTERISTICS

REGION

SAMPLE SIZE: 1249 (All Respondents)

The survey was conducted worldwide at conferences in North America (78% of responses); Europe, the Middle East, and Africa (21%); and the Asia-Pacific region (1%).

PARTICIPANT TITLE

SAMPLE SIZE: 1249 (All Respondents)

The survey included individual contributors (55%) comprised of security engineers, analysts, and consultants; VPs/Directors/Managers (19%); and C-level leaders (8%).

PARTICIPANT INDUSTRY - TOP 10

SAMPLE SIZE: 1249 (All Respondents)

Respondents represented almost 15 industries, with the most-represented sectors including Technology (34%) and Financial Services (14%).

PARTICIPANT ORGANIZATION SIZE

SAMPLE SIZE: 1249 (All Respondents)

Respondents represented a wide range of business sizes, with 35% of participants from smaller enterprises (1000 people or less), 31% between 1001 and 10,000 employees, and 26% over 10,000 employees.