Most CISOs surveyed by Bitdefender trust next-generation security, including endpoint detection and response (EDR) capabilities, as the best security approach against advanced attacks. Security audits and traditional security (endpoint protection platforms) come second and third, each mentioned by more than a third of respondents, according to a Bitdefender survey of 1,000+ CISOs from large companies in the US and Europe.
Companies that use an EDR solution have acknowledged that a cyberattack can occur at any time, and traditional protection platforms can only address 99% of the threats in the wild. EDR tools focus on the last 1% of threats, allowing for much greater fidelity in incident investigations.
On average, some 82% of security professionals in Europe and the US say that reaction time is a key differentiator in mitigating cyberattacks, with Italy, the US, France, and the UK scoring highest. CISOs’ main argument is that time is of the essence when isolating the incident to prevent it from spreading (68%), identifying how the breach occurred (55%), and evaluating losses and the impact of the breach (51%). A delayed response to a cyber incident can also make it harder to accurately identify the initial time of attack and assess the timeframe (30%), understand the motivation for the cyberattack (19%), or improve the incident response plan for future attempts (17%).
As a result, the second most important driver for enhancing a company’s cybersecurity posture is also speed-related: faster detection and response capabilities are mentioned by almost half of those surveyed, immediately below improving data protection (51%).
While most companies have started taking steps to defend against advanced attacks by developing Security Operations Centers (SOCs) – fundamentally an internal team of IT security specialists that deals with security issues on an organizational and technical level – many still have no internal structure to deal with modern threats. With no SOC in place, CISOs report a range of security gaps. Over two thirds of IT execs from the UK and Denmark said speed to investigate suspicious activity is one of their toughest tasks, while 64% of Americans mentioned monitoring activities, and 52% of Germans perceive the ability to quickly respond to and remediate potential threats as the main obstacle created by the absence of a well-funded and well-resourced SOC. Half of Danes leading security teams in companies with no SOC note keeping up with alerts as a challenge, while 43% of Italians have difficulties finding unknown attackers inside the network, and 48% of the French indicate poor visibility of their IT environment.
EDR tools that lack a priority-based alert filtering mechanism can slow the detection and response process for real threats, because they may send IT and security staff down investigation paths that either lead nowhere or are trivial. EDR alerting should not be about the sheer number of triggered alerts, but about intelligent, reliable, and meaningful alerts with a high probability of pointing to a real threat. Traditional EDR tools may seem like a security enabler, but without dedicated and staffed SOC teams, they may either hinder the organization’s security capabilities or make no significant contribution to the overall security posture.
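To make the point about priority-based alert filtering concrete, here is an added example of the kind of triage logic a SOC might put in front of a raw EDR alert stream. It is not Bitdefender's code and does not reflect any product's scoring model; the alert fields, the weights in `priority_score`, the `threshold`, and the sample alerts are all assumptions constructed for illustration. It collapses repeated firings of the same rule on the same host into one item with a count, scores each remaining item by severity, rule confidence (historical true-positive rate) and asset criticality, drops everything under a threshold, and hands the analyst a short, highest-first list instead of every raw alert.

```python
"""Priority-based triage over constructed EDR-style alerts.

Added example, not Bitdefender's code or any product's scoring model.
Field names, weights, threshold and sample alerts are assumptions for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    rule: str
    severity: int           # 1 (informational) .. 5 (critical), as set by the detection rule
    confidence: float       # 0.0 .. 1.0, assumed historical true-positive rate of the rule
    asset_criticality: int  # 1 (lab machine) .. 5 (domain controller), from an asset inventory


# Constructed sample alerts; not real telemetry. Three repeats on ws-017 model a noisy rule.
SAMPLE_ALERTS = [
    Alert("a1", "ws-017", "powershell-encoded-command", 4, 0.7, 2),
    Alert("a2", "ws-017", "powershell-encoded-command", 4, 0.7, 2),
    Alert("a3", "ws-017", "powershell-encoded-command", 4, 0.7, 2),
    Alert("a4", "dc-01", "lsass-memory-access", 5, 0.9, 5),
    Alert("a5", "ws-042", "new-scheduled-task", 2, 0.3, 2),
    Alert("a6", "ws-088", "usb-device-inserted", 1, 0.1, 1),
    Alert("a7", "ws-042", "lsass-memory-access", 5, 0.9, 2),
]


def priority_score(alert: Alert) -> float:
    """Assumed weighting: severity scaled by confidence, then boosted by asset criticality.

    A criticality-1 asset gets no boost; a criticality-5 asset doubles the base score.
    """
    base = alert.severity * alert.confidence
    return base * (1 + 0.25 * (alert.asset_criticality - 1))


def triage(alerts, threshold: float = 2.0):
    """Return a list of (score, representative_alert, occurrence_count), highest score first.

    Alerts sharing (host, rule) are collapsed into one item so a chatty rule shows up once
    with a count rather than as many separate investigation tasks. Items scoring below
    `threshold` are dropped from the analyst queue (they would still be kept in storage
    for later hunting; that is outside this example).
    """
    groups = defaultdict(list)
    for alert in alerts:
        groups[(alert.host, alert.rule)].append(alert)

    ranked = []
    for members in groups.values():
        representative = members[0]
        score = priority_score(representative)
        if score >= threshold:
            ranked.append((score, representative, len(members)))

    ranked.sort(key=lambda item: item[0], reverse=True)
    return ranked


def suppressed_count(alerts, threshold: float = 2.0) -> int:
    """How many raw alerts never reach the analyst queue (dropped or folded into a repeat)."""
    shown = sum(count for _, _, count in triage(alerts, threshold))
    return len(alerts) - shown + sum(count - 1 for _, _, count in triage(alerts, threshold))


if __name__ == "__main__":
    for score, alert, count in triage(SAMPLE_ALERTS):
        print(f"{score:5.2f}  {alert.host:8} {alert.rule:28} x{count}")
    print(f"{suppressed_count(SAMPLE_ALERTS)} of {len(SAMPLE_ALERTS)} raw alerts hidden from the queue")
```

With the constructed input, the domain-controller `lsass-memory-access` alert lands at the top, the same rule on an ordinary workstation comes second, the three PowerShell alerts collapse into one entry marked `x3`, and the two low-severity, low-confidence alerts never reach the queue. The weights are the part that needs tuning against an organization's own true-positive history; the structure (dedupe, score, threshold, sort) is what turns a stream of triggers into a short list worth an analyst's time.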