SURVEY RESULTS
2019 TOP THREAT DETECTION TRENDS SURVEY
www.attivonetworks.com Survey Results
CONTENTS
EXECUTIVE SUMMARY
THE SURVEY RESULTS
TYPES OF ATTACKS CYBER DEFENDERS ARE MOST CONCERNED ABOUT
TOP ATTACK CONCERNS BY VERTICAL
Key Insights
WHICH ATTACK SURFACES PRESENT THE GREATEST THREAT
Key Insights
DETECTION CONTROLS THREAT ACTORS ARE MOST CONCERNED ABOUT
Key Insights
HOW OFTEN ARE CYBERATTACKERS EXPECTING DECEPTION TECHNOLOGY
Key Insights
ARE DWELL TIMES HEALTHY AND ARE THEY IMPROVING?
Key Insights
MEAN-TIME-TO-DETECTION
Key Insights
AVERAGE TIME TO DETECT LATERAL MOVEMENT
Key Insights
AVERAGE TIME TO IDENTIFY THE SOURCE OF AN ATTACK
Key Insights
WHAT SECURITY FRAMEWORK DO YOU USE?
Key Insights
CONCLUSION
PARTICIPANT CHARACTERISTICS
REGION
PARTICIPANT TITLE
PARTICIPANT INDUSTRY - TOP 10
PARTICIPANT ORGANIZATION SIZE
EXECUTIVE SUMMARY
Throughout 2019, Attivo Networks conducted worldwide research to capture top trends related to cybersecurity
threat detection. The company surveyed 1,249 security professionals with participants in North America, Europe, and
Australia, representing predominantly midsize and large firms across 15 different industry sectors.
The survey consisted of ten questions related specifically to cybersecurity threat detection, several of which we
asked to a similar audience in 2018, which allowed for a year over year comparison of shifting cybersecurity and
threat detection concerns. The report highlights the themes and observations we made across four key areas of
detection and includes questions related to types of attacks, attack surfaces, detection and response times, as well
as detection tools and resources. We gathered the insights from this survey at security-focused regional events and
national tradeshows.
The purpose of this report is to provide a trending benchmark related to security threats and build upon the research
collected during a prior survey in 2018.
KEY FINDINGS
DWELL TIME
As an industry, we did not recognize improvements in reducing attacker dwell time, the time it takes to detect an
attacker once they have infected the network. When asked whether 100 days was representative of dwell time in
their organization, responses remained relatively consistent with last year’s results, with nearly two-thirds (64%) of
respondents answering that 100 days of dwell times sounded about right or was too low (compared to 61% last year).
When asked about whether companies were seeing improvement, only a moderate number of responses indicated
improving times, with 32% of respondents reporting a decrease, which represented a minor 1% gain. The number of
respondents indicating an increase in dwell times was 28%, a drop of 4%, and those who saw no change were at 18%,
a decline of 5%. Compared to last year, the highest jump in responses – and an alarming trend – came from the 22%
who stated that they were not tracking dwell time statistics. Up 7% from last year, this highlights a continued need
for more efficient tools to detect and track in-network threat activity.
TOP ATTACKS OF CONCERN TO DEFENDERS
Despite significant investments in prevention solutions, malware and ransomware activity continued to top the list of
attacks that concerned defenders. This category jumped up 5% to 66% from last year and remained the top concern,
demonstrating that anti-virus, firewalls, and other prevention technologies still struggle to detect and stop them.
Phishing and Social Engineering remains the second-highest concern, growing 6% to 64%. Credential theft decreased
6% to 46%, and targeted attacks went down 5% to 45%, likely attributable to the use of credential-based deception
solutions. DDOS increased 4% to 31%, MitM/Session hijacking remained a steady challenge at 15%, and Crypto-mining
dropped 5% to 15%.
TOP ATTACK SURFACES
When asked about attack surfaces that create the most significant concerns, User Networks and Endpoints took the
number one spot, with 65% of respondents naming it as the attack surface that concerned them most. This category
also had the highest increase as an attack surface with an 11% jump from last year’s 54%. Cloud still maintained
a strong second position at 63% with only a minor 1% increase from last year. Datacenters and Remote or Branch
offices took 3rd place at 35% each with drops of 1% and 6%, respectively. In comparison, one quarter chose Network
or Telecom and Specialized environments (a 10% drop from last year’s 35%). With the dramatic change in the number
of people that have moved to remote working in 2020 in response to the coronavirus pandemic, we expect to see a
significant rise in concerns related to remote worker risk in future research. This impact of remote working might also
show up in the increased concerns related to endpoints, cloud operations, VPN, and SaaS security.
SECURITY CONTROLS THAT CONCERN ATTACKERS
When asked which security controls respondents believed attackers were wary of, no single detection control
garnered a majority. This result appears to indicate a belief in the need for a layered defense and a mix of both legacy
and modern detection tools that can play complementary roles to each other. Participants believe that the detection
controls that most concern threat actors are deception (40%), next-generation firewalls (also at 40%), and Traffic
Analysis (44%). These results would indicate that respondents view NGF and Traffic Analysis as effective at detecting
and stopping known threats from the outside. At the same time, they believe that deception (40%) is what attackers
think can best detect and derail their in-network activity. This high rating for deception could also be attributable to
the effect they feel from more advanced platforms that can significantly impact their attacks with the ability to alter
the results delivered to their automated tools. By hiding real assets and providing results that appear genuine but are
fake, the attackers can no longer trust their tools, which forces them to slow down and incur increased attack costs.
LATERAL MOVEMENT DETECTION
On the subject of detecting lateral movement, 98% of respondents responded, with 41% answering that they could
quickly detect lateral movement in a day or less, showing confidence in internal detection tools like deception
technology. Around 25% of respondents felt that they could detect lateral movement anywhere from a day to a week,
and 9% stated it takes them longer than a week. While the lower end of the time scale is still reasonable, the higher
detection time lag can result in greater chances of attack success. Over one in four (27%) respondents cited they
were unsure of how fast their organization could detect lateral movement, which one could attribute either to their
inability to detect lateral movement, not tracking the metric, or lacking the means to. The lack of capability mostly
arose amongst small businesses that found themselves merely responding to attacks and monitoring their case
closure. The findings related to the time it took to identify the source of an attack were almost identical to the time it
took to detect the lateral movement.
SECURITY FRAMEWORKS
The survey also explored what Security Frameworks were being used to guide their organization’s security
strategies. Over three in four respondents were using some form of Security Framework with most following the
NIST Cybersecurity framework (45% of responses) followed by the ISO 27000 family of standards (37%). One in four
respondents stated they did not currently use any security framework. It is worth noting that several respondents
wrote in the MITRE ATT&CK Framework as part of the “Other” category.
THE SURVEY RESULTS
The first polling questions captured the top concerns of organizations and determined if there were any variations by
industry. The next section explored the top information security concerns related to finding and stopping attackers
and identifying which technologies are impacting attackers. It also asked about shifts in time to detect and respond
to incidents, as well as the security technologies used to affect this change.
After each question in the survey report, Attivo Networks has added key takeaways related specifically to detection
technology and other anecdotal information collected at the events where we obtained the survey responses.
WHAT TYPES OF ATTACKS ARE CYBER DEFENDERS MOST CONCERNED ABOUT?
SAMPLE SIZE: 1233 (99%) NOTE: Respondents could select multiple options
Compared to last year’s data, malware and ransomware attacks jumped up 5% to 66% and remained the top concern,
demonstrating that anti-virus, firewalls, and other prevention technologies still struggle to contain them. Phishing
and Social Engineering (up 6% to 64%) also remained the second-highest concern, indicating that organizations
understand the need to protect against attacks that can bypass defenses by targeting users directly. While both
credential theft (down 6% to 46%) and targeted attacks (down 5% to 45%) lost a little ground, they remain highly
ranked, indicating that respondents still worry about their ability to detect credential harvesting and misuse and
detect threats where an attacker is using advanced techniques. DDOS (up 4% to 31%) and Other attacks (up 2% to
4%) saw a slight uptick, while MitM/Session hijacking remained steady at 15%, and Cryptomining dropped 5% to 15%.
When broken down by vertical, industries most sensitive to data loss or interruptions to normal operations cited
malware and ransomware as concerns, namely Healthcare, SLED/Universities, Energy/Utilities/Manufacturing/Agriculture,
and Legal/Professional Services. Interestingly, Financial Services was more concerned about Phishing/Social
Engineering over Credential Theft and Malware/Ransomware, likely because of the amount of interaction the industry
has with the public and the sensitivity it has to monetary fraud, which attackers usually perpetrate via
social engineering.
TOP ATTACK CONCERNS BY VERTICAL

| ATTACK TYPE | ENERGY/UTILS, MFG, AGRI | FINL SERV | GOV’T, FED | HEALTH | LEGAL, PRO SERV | TECH | RETAIL/HOSP, MEDIA/ENTMT | SLED, UNIV | OTHER |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Credential Theft | 18% | 19% | 13% | 17% | 16% | 16% | 18% | 16% | 14% |
| Cryptomining | 4% | 5% | 6% | 5% | 5% | 6% | 4% | 2% | 6% |
| DDOS | 7% | 12% | 10% | 11% | 11% | 11% | 9% | 6% | 11% |
| Malware/Ransomware | 27% | 22% | 23% | 25% | 25% | 22% | 23% | 27% | 23% |
| MitM/Session Hijacking | 3% | 4% | 6% | 5% | 5% | 6% | 5% | 7% | 6% |
| Phishing/Social Engineering | 24% | 23% | 21% | 22% | 24% | 21% | 24% | 25% | 22% |
| Targeted attacks | 15% | 14% | 21% | 13% | 13% | 17% | 16% | 14% | 16% |
| Other attacks | 2% | 1% | 0% | 0% | 1% | 1% | 2% | 4% | 3% |
| Total Responses | 260 | 553 | 275 | 194 | 357 | 1164 | 217 | 152 | 316 |
Key Insights: Cyber hygiene remains a significant issue, and although organizations must stay vigilant in their training and
education programs, they still need to do more to quickly and accurately detect human error, misconfigurations,
or exposures from employees not maintaining and patching their system software. Organizations need to review
the different attack vectors that attackers use to target their industries and map how their security controls are
working to prevent a successful attack. Whether big or small, businesses need to make sure that they have built-in
safety nets in place for when threat actors bypass their front-line defenses. Deception technology has become a
preferred detection control for many security teams based on its comprehensive ability to detect across all attack
vectors without relying on signatures, pattern matching, or database lookup. It is often deployed on the endpoint in
conjunction with EDR solutions to augment detection based on credential theft, Active Directory reconnaissance, and
other forms of lateral movement that an attacker will attempt from an infected endpoint. Deception is also now used
commonly in environments where organizations cannot install traditional AV or where there is not a means to create
and use logs for detection.
WHICH ATTACK SURFACES PRESENT THE GREATEST THREAT?
SAMPLE SIZE: 1229 (98%) NOTE: Respondents could select multiple options
User Networks and Endpoints garnered 65% of the responses (an 11% jump from last year’s 54%) to overtake Cloud
as the number one attack surface presenting the most significant threat. Meanwhile, Cloud still maintained a strong
presence at 63% (up 1% from last year). A little over one-third of respondents selected Datacenters and Remote or
Branch offices at 35% each (a drop of 1% and 6%, respectively). In comparison, one quarter chose Network or Telecom
and Specialized environments (a 10% drop from last year’s 35%).
Key Insights: The significant jump in respondents identifying User Networks and Endpoints as the attack surface concerning them
most encompasses many factors, such as the number of successful endpoint attacks, the increased use of unknown
or zero-day attacks, the rising cost per endpoint breach, and difficulties associated with false-positive rates and
continued staffing challenges. The steady number of responses choosing Cloud results from the continued migration
of companies to IaaS or SaaS services and concerns they have over securing these broad attack surfaces and shared
security models.
WHAT DETECTION CONTROLS ARE THREAT ACTORS MOST CONCERNED ABOUT?
SAMPLE SIZE: 1217 (97%) NOTE: Respondents could select multiple options
While no single detection control garnered a majority, participants believe that the detection controls that most
concern threat actors are deception (40%), next-generation firewalls (also at 40%), and Traffic Analysis (44%). These
results would indicate respondents view NGF and Traffic Analysis as the most effective ways to detect and stop
known threats from the outside. At the same time, they feel that deception (40%) fares well as it is the technology
that attackers believe can best detect their in-network activity, regardless of the tactics, techniques, and procedures
they use, or the attack surface and attack vector.
Respondents believed that attackers were concerned about IDS (39%) and SIEMs (37%), while only 27% felt that
attackers would worry about EDR and NextGen AV — all well-established technologies. Likely the lower scores reflect
an attacker’s access to documented bypass techniques and coverage gaps that they can exploit.
Respondents felt that attackers remain least concerned about IAM (22%) and UEBA (15%). Attackers can bypass
IAM with the right set of stolen credentials, while UEBA has complexities and difficulties associated with deploying,
configuring, operating, and establishing a baseline. The complex management often leads to coverage limitations or
mistakes that attackers believe they can leverage in their favor.
Key Insights: Attackers are fully expecting that organizations are going to be monitoring their traffic and will have either next-gen
firewalls or IDS systems in place. They have become quite savvy at understanding the weaknesses of these controls
and working carefully to avoid being detected by them. According to respondents, attackers are, however, becoming
increasingly concerned about cyber-deception. With modern advancements, they can no longer quickly identify the
decoys, bait, and lures as they could earlier generation honeypots. Even when they are expecting deception, it is now
so authentic that they do not realize they have engaged until it is too late, or sometimes not even at all. Defenders
are leveraging these modern enhancements to quickly detect lateral movement with decoys, lures, bait, and other
misdirections that feed false information and lead the attacker directly into a decoy environment. All the while, the
attacker’s tools are gathering incorrect information that appears as real, further throwing the attacker off-trail and
negating their attack.
“70% of deception users with a high level of familiarity with the technology rated their organizations as highly effective in detecting and responding to in-network attackers early in the attack cycle.”
- EMA - Definitive Market Guide to Deception Technology August 2019
HOW OFTEN ARE CYBERATTACKERS EXPECTING DECEPTION TECHNOLOGY?
SAMPLE SIZE: 1234 (99%) NOTE: Respondents could only select a single option
When compared to last year’s data, fewer respondents felt unsure (a 7% drop to 12%) about whether or not attackers
expected deception. There was a slight increase (up 2% to 41%) when you aggregated the number of people
who felt that attackers rarely to never expected to encounter deception. In situations where an attacker is not
expecting deception, organizations can leverage the element of surprise with a basic deception strategy. However,
with the increasing number (7%), and now almost half (49%) of organizations that felt that attackers frequently
or always anticipated deception, they can take advantage of the more modern deception offerings that provide
greater authenticity with highly believable and real-looking deception assets. They can also deploy a wide variety of
other deceptions, including bait, lures, misdirections, and decoy documents, to further confuse and disrupt even the
suspecting adversary. Organizations need to increase their focus outside of their primary environments to protect
their information and operations from attackers seeking new points of entry to compromise.
HOW OFTEN ARE CYBERATTACKERS EXPECTING DECEPTION TECHNOLOGY? – RESPONSES BY VERTICAL
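
| VERTICAL | ALWAYS | FREQUENTLY | UNSURE | RARELY | NOT AT ALL | TOTAL RESPONSES |
| --- | --- | --- | --- | --- | --- | --- |
| Agriculture | 0% | 100% | 0% | 0% | 0% | 1 |
| Energy/Utilities | 5% | 25% | 20% | 45% | 5% | 20 |
| Federal | 27% | 30% | 8% | 32% | 2% | 96 |
| Financial Services | 16% | 29% | 15% | 38% | 2% | 172 |
| Government | 0% | 0% | 50% | 50% | 0% | 2 |
| Healthcare | 10% | 25% | 15% | 43% | 7% | 68 |
| Legal | 13% | 40% | 13% | 33% | 0% | 15 |
| Manufacturing | 13% | 29% | 8% | 47% | 3% | 76 |
| Media/Entertainment | 6% | 44% | 19% | 19% | 13% | 16 |
| Other | 20% | 29% | 9% | 36% | 6% | 111 |
| Professional Services | 13% | 31% | 18% | 32% | 6% | 114 |
| Retail/Hospitality | 16% | 31% | 30% | 8% | 15% | 61 |
| SLED | 12% | 35% | 30% | 5% | 18% | 60 |
| Technology | 16% | 33% | 38% | 4% | 9% | 420 |
| University | 0% | 0% | 50% | 50% | 0% | 2 |
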
Key Insights: More and more attackers are expecting deception in an enterprise’s network. Security assessment firms definitely
expect to see it as they conduct their penetration or Red Team tests, which may have driven the increased
number that stated that attackers expected deception in this year’s survey. Many attackers and Red Teams believe that
they can identify a deception deployment, and depending on the vendors, this can be true. However, some of the most
advanced deception solutions that provide a full fabric of deception make it exceptionally difficult for the attacker to
move successfully from an endpoint, query Active Directory, or conduct other forms of reconnaissance without quickly
triggering a detection alert. These solutions also fool HoneyPotBuster and other attacker tools into falling for the
deception, so they consistently become prey. As the saying goes, deception technology has leveled the playing field, and the
attacker now must also be right all of the time.
ARE DWELL TIMES HEALTHY AND ARE THEY IMPROVING?
SAMPLE SIZE: 927 (74%)
NOTE: This does not include the 21% of total respondents who answered: “Don’t Know.”
Responses about dwell times remained relatively consistent with last year’s results, with nearly two-thirds (64%) of
respondents answering that 100 days of dwell time sounded about right or was too low (compared to 61% last year).
Even though dwell times improved over the previous year, they still averaged about two to three months.
Key Insights: As a whole, the industry saw a reduction in dwell times. Part of this could stem from the rise in ransomware
attacks where the attackers want early discovery so victims could send payments faster. The fact that a majority of
respondents indicated that 100 days sounded about right or was too low hints at a continued concern with detection
capabilities lacking effectiveness in discovering attackers who’ve bypassed perimeter defenses. The improvements in
dwell time statistics indicate that organizations are potentially getting better at detecting in-network attackers, or it
could be due to the prevalence of ransomware attacks.
Roughly one-third of respondents indicated that 100 days was too high, showing confidence in their in-network
detection tools. One such tool that effectively reduces dwell times is deception technology. The 2019 Enterprise
Management Associates independent survey found that organizations that use deception technology have reported
reduced dwell times of around five days, in contrast to the over 60 days of dwell time that non-deception users reported,
a 90% improvement. Coupled with users of deception technology reporting a twelvefold decrease in time to respond,
one can see the value that deception can add to improving incident response.
WHAT’S THE STATUS OF YOUR MEAN-TIME-TO-DETECTION?
SAMPLE SIZE: 1071 (86% of Respondents) NOTE: Respondents could only select a single option
Compared to last year, the highest jump in responses came from those who were not tracking the mean-time-to-
detection (up 7% to 22%), shifting the other answers downward. Other numbers stayed roughly consistent, with
those reporting increased dwell times dropping 4% to 28%, those who saw no change dropping 5% to 18%, and those
showing a decrease dropping 1% to 32%.
Key Insights: Although organizations are investing in security solutions, cybercriminals are still staying ahead in their ability to
remain hidden within the network. In discussions with businesses, the challenges remain in the volume of alerts and
data they receive. All too often, they either don’t have the staff to investigate, or individually, the alert simply looks
benign. Organizations appear to be investing more in endpoint detection and response (EDR) solutions and
also in deception-based endpoint protection technologies to detect attackers early and lock down these systems
from lateral movement. The 2019 Enterprise Management Associates independent survey ranked deception as a #1
security control for its efficiency in detecting insider threats.
WHAT’S YOUR AVERAGE TIME TO DETECT LATERAL MOVEMENT?
SAMPLE SIZE: 1222 (98% of Respondents) NOTE: Respondents could only select a single option
Over 40% of respondents answered that they could quickly detect lateral movement in a day or less, showing
confidence in internal detection tools like deception technology. Around three in ten respondents felt that they could
detect lateral movement anywhere from a day to over a week. While the lower end of the time scale is still reasonable,
the higher detection time lag can result in greater chances of attack success, as the attacker has more time to move
around to subsequent hops before the initial discovery occurs. 27% of respondents were unsure of how fast their
organization could detect lateral movement, which one could attribute either to an organization not tracking lateral
movement detection, the lack of a capability to track that metric, or an inability to detect lateral movement.
Key Insights: Efficiently detecting lateral movement remains a significant challenge for organizations. Studies show that an
attacker can break out from an endpoint in under 5 hours, making it critical to detect these threats early. Deception
can detect lateral movement across all attack vectors and attack surfaces, making it highly effective in identifying
when an attacker has bypassed other controls.
This ability can be extremely valuable for:
• closing detection gaps related to EDR
• providing enhanced security unique to cloud environments
• protecting remote worker VPNs
• delivering detection for IoT and ICS-SCADA environments where tracking logs is difficult or impossible
• providing a substantiated, actionable alert for the security team, regardless of their size or security posture
WHAT’S YOUR AVERAGE TIME TO IDENTIFY THE SOURCE OF AN ATTACK?
SAMPLE SIZE: 1208 (97% of Respondents) NOTE: Respondents could only select a single option
Similar to the previous question, over four in ten respondents answered that they could quickly identify the source of
an attack in a day or less, showing confidence in internal investigation and forensic tools such as deception technology.
Over one-third of respondents felt that they could identify the source of an attack from a day to over a week, while
about one-quarter of respondents were unsure of how fast their organization could accomplish the same feat. Again,
similar to the speed of detecting lateral movement, the faster one can pinpoint the source of an attack, the better the
chances of defending against a breach.
Key Insights: Hand in hand with detecting an attack early, an organization must promptly triage it, find the indicators, and, if
possible, identify the source of compromise. It also becomes critical to understand the TTPs of an attack so that
remediation and restoration of operations can happen quickly. Identifying TTPs also aids in threat hunting to ensure
the attacker is eradicated and cannot successfully return. Deception-based detection plays a prominent role in
delivering company-centric threat intelligence for this purpose. The forensic evidence it gathers can also save
valuable hours that organizations would typically spend in collecting and correlating data to substantiate the proof
of an attack from an insider, supplier, or external threat actor. Unlike other detection controls that simply deflect an
attack, deception also creates a safe environment to study an attacker and can automate the attack analysis for
faster incident response. Native integrations can also automate isolation, blocking, and threat hunting, driving further
efficiencies for defenders.
WHAT SECURITY FRAMEWORK DO YOU USE?
SAMPLE SIZE: 1039 (83%) NOTE: Respondents could select multiple options
Based on the sample size, over three in four respondents were using some form of Security Framework to guide their
security strategy. A majority of respondents stated that their organizations used the NIST Cybersecurity framework
(45% of responses), while over one-third followed the ISO 27000 family of standards (37%). Surprisingly, almost
one in four respondents did not use any security framework. Note that while the survey did not explicitly mention the
MITRE ATT&CK Framework, several responses included it as part of the “Other” category.
Key Insights: We continue to see an increase in organizations using Security Frameworks to assess their security posture and
readiness. There has also been a significant interest in the MITRE ATT&CK Framework, which is helping organizations
understand how an attacker is attacking and how well their security controls can respond throughout the attack
lifecycle. It is worth noting that the NIST SP 800-53 rev 5 includes deception technology as part of the framework’s
recommended controls. NIST also mentions deception as a control in SP 800-172 and SP 800-160. The Reserve
Bank of India also published its Cyber Security Framework indicating deception technology as a recommended
control.
CONCLUSION
Collectively, this global research points to continued demand for in-network detection that works reliably across
existing and emerging attack surfaces and is effective against all attack vectors. Organizations are focused on
endpoint and cloud attack surfaces as top security concerns because of the evolving architectures that they are
implementing. There is a trend in continued investment in traditional detection tools that they feel have the most
significant impact on attackers, such as Network Traffic Analysis, Next-gen Firewalls, and IDS. However, they also
recognize the need for innovative solutions like Deception Technologies, which they acknowledge for their efficacy in
detecting threats that bypass traditional defenses to infiltrate their networks.
Organizations are increasingly adopting security frameworks to evaluate their defenses, as the formalized structure
guides them in developing a more robust security strategy. This evaluation leads them to revise their existing controls
to address coverage gaps and adopt new technologies like deception that address their expanding attack surface
and dissolving perimeter.
As attackers demonstrate more success in breaking past perimeter defenses, organizations are focusing on
better in-network detection to counter the threat. Reducing dwell time has become an increased focus, as has
adopting technologies that detect attackers inside the network early and accurately. While the industry has shown
marked improvement in this area, organizations can do more to reduce it even further. A multilayered strategy of
complementary security controls that include new solutions like deception technology can be one such approach.
BACKGROUND ON THE RESEARCH
Early and accurate threat detection of in-network attacks has become a top concern among organizations, both large
and small. This survey aims to provide an understanding of top threat concerns and insight into how these are trending
based on prior (2018 and 2019) surveys conducted in similar face-to-face fashion around the globe. Organizations can
use this information to build proactive defenses and also glean insight into how they can use deception technology to
reduce risk, detect attacks earlier, and improve operational efficiencies.
© 2020 Attivo Networks. All rights reserved. ANSR042020 www.attivonetworks.com
PARTICIPANT CHARACTERISTICS
REGION
SAMPLE SIZE: 1249 (All Respondents)
The survey was conducted worldwide at conferences in North America (78% of responses); Europe, the Middle East, and Africa (21%); and in the Asia-Pacific region (1%).
PARTICIPANT TITLE
SAMPLE SIZE: 1249 (All Respondents)
The survey included individual contributors (55%) comprised of security engineers, analysts, and consultants, VPs/Directors/Managers (19%), and C-level leaders (8%).
PARTICIPANT INDUSTRY - TOP 10
SAMPLE SIZE: 1249 (All Respondents)
Respondents represented almost 15 industries, with the most-represented sectors including Technology (34%) and Financial Services (14%).
PARTICIPANT ORGANIZATION SIZE
SAMPLE SIZE: 1249 (All Respondents)
Respondents represented a wide range of business sizes, with 35% of participants from smaller enterprises (1000 people or less), 31% between 1001 and 10,000 employees, and 26% over 10,000 employees.