Study: Early detection of intruders reduces costs and increases the efficiency of the SOC. The magic word is deception: it halves the cost of data theft.
Organizations that use deception technologies to detect cyberattacks early can cut costs associated with data breaches by more than half (51%). This is the key finding of a new study Attivo Networks conducted in partnership with Deceptive Defense's Kevin Fiscus. The report, "Cyber Deception Reduces Breach Costs & Increases SOC Efficiency", identifies the direct and measurable financial and productivity benefits of deception technologies for organizations of all types and sizes. The research also shows that the average reduction in data breach costs is $1.98 million per incident, or $75.12 per compromised record. These cost reductions are achieved through faster detection and more effective response to incidents, as well as reduced complexity in managing them.
More efficiency for SOC agents through deception
In addition, according to this report, deception technology can significantly reduce the time required to process false alarms (false positives) and increase the efficiency of the typical Security Operations Center (SOC). A recent SIEM productivity study by Ponemon and Exabeam found that the average time spent per SOC analyst per incident was about 10 minutes and that SOC analysts wasted about 26% of their day handling false positives, representing a productivity loss of over US $18,000 per analyst per year. Respondents stated that processing alerts based on deception technology took significantly less time than processing other alerts, which can ultimately save companies up to 32%, or just under US $23,000, per SOC analyst per year.
"The term 'game changer' gets used far too often," said Kevin Fiscus, Principal Instructor at SANS Institute and Founder of Deceptive Defense. “Those who use it are often rightly viewed with suspicion. Cyber deception is different, and it's not just a new iteration of an outdated technology. Deception causes attackers to question everything they think they know, often stopping an attack before it's even properly started. It's really a game changer."
“The ability to detect attacks early, reduce the cost of data breaches, and improve SOC efficiency makes cyber deception a critical security control for the organization,” said Joe Weidner, regional director DACH, Attivo Networks. “Businesses large and small are increasingly using deception technologies to build a proactive defense against data theft, ransomware and other attacks to ensure the security of their data.”
Significantly reduce dwell time
In addition to the financial and productivity advantages of deception technology, the report also states that, if used correctly, it can reduce the average time an attacker remains undetected in the company network (dwell time) by between 90% and 97% - down to just 5,5, 56 days. This is important because recent reports show that the average dwell time is currently 207 days and the average time to detect a break-in is XNUMX days.
Coupled with the test results from MITRE ATT&CK's DIY APT Tool Review, the Attivo and Deceptive Defense report shows how deception technology can be a powerful security control that is part of every defender's arsenal. The APT test specifically confirmed the ability of Attivo Networks' solutions to increase EDR detection rates by an average of 42%.
ThreatDefend platform provides ways to prevent and detect attacks
The Attivo ThreatDefend platform provides extensive attack prevention and detection capabilities that cover not only deception techniques, but a variety of other methods as well. The platform proactively diverts attackers from their targets with falsified information, triggers an alert and redirects the attacker to decoys. This hides important information such as Active Directory objects, data and storage and prevents the attacker from accessing it. Additionally, by steering the attacker's path into a decoy, defenders can gain valuable insight into their opponent's tools and techniques, as well as their intent.
More about the report at Attivionetworks.com
About Attivo Networks
Attivo Networks is a leading provider of security solutions based on deception technology. The solutions detect attacks based on lateral movement. They provide active defense to prevent and detect unauthorized activity originating from insiders and external threats. The long-standing, customer-proven Attivo ThreatDefend platform is a scalable solution that intercepts attackers and helps reduce the attack surface within user networks, in data centers, clouds, at remote workstations and special attack vectors. With innovative technology to prevent and misdirect lateral attack activities, the solution works at the endpoint, in Active Directory and across the entire network. Forensics, automated attack analyses and native integration of third-party solutions optimize the response to incidents.