Kaspersky's new Managed Detection and Response Analyst Report has several key findings: the number of cyberattacks detected by SOCs increased 1.5x in 2022, and detecting a serious incident took around 44 minutes on average, 6 percent longer than the year before.
Over the past year, Security Operations Centers (SOCs) detected more than three serious incidents per day. Roughly one in three (30%) serious attacks in 2022 was related to an Advanced Persistent Threat (APT), while about a quarter (26%) were caused by malware. These findings come from Kaspersky's latest Managed Detection and Response Analyst Report.
MDR helps where in-house expertise is lacking
Over the past year, companies have relied heavily on external expertise for security. The reasons given were the greater efficiency of external specialists in operating cyber security solutions and the need for specialist knowledge. To address the shortage of specialist knowledge among IT security professionals and to give them insight into the current threat landscape, Kaspersky analyzed anonymized customer incidents detected by Kaspersky Managed Detection and Response (MDR).
Kaspersky's most recent Managed Detection and Response Analyst Report shows that serious incidents were detected after around three quarters of an hour (43.8 minutes) on average. This time increased by approximately 6 percent year-on-year because of the growing share of attacks that require human intervention: such incidents are harder to investigate automatically and take up more of the SOC analysts' time.
APTs and malware as the most common attack types
Of the serious incidents detected, 30 percent could be linked to APTs (Advanced Persistent Threats), 26 percent were caused by malware, and just over 19 percent resulted from "ethical hacking" such as penetration tests or red teaming. In ethical hacking, dedicated IT experts penetrate the infrastructure to check the security of IT systems or the operational readiness of an MDR service. About 9 percent of the incidents involved publicly known critical vulnerabilities and traces of earlier attacks. The remaining incidents resulted from successful social engineering or were related to insider threats.
"Our MDR report shows that sophisticated attacks that require the intervention of a SOC specialist continue to increase," comments Sergey Soldatov, Head of Security Operations Center (SOC) at Kaspersky. "Such attacks require more resources to investigate and take more time from SOC analysts; this type of attack is less easy to investigate automatically. In order to identify them as quickly as possible, we recommend that companies rely on comprehensive threat hunting practices in combination with classic alert monitoring."
Directly to the report PDF at Kaspersky.com
About Kaspersky
Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250,000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/