The median number of days that attackers were present on a victim’s network before being discovered dropped to 146 days in 2015 from 205 days in 2014 – a trend that shows positive improvement since measuring 416 days back in 2012. However, breaches still often go undetected for years, Mandiant reminded.
I think that any time we see an improvement in cybersecurity efforts, we should rejoice. It seems like we spend a lot of time talking about how things are getting worse. The bad guys are getting more sophisticated, and a surprising number of people just throw their hands in the air and say, “There is no way we can protect against this.” (Yes, I actually had a conversation that ended with those exact words a week ago. It made me sad to think there are company leaders who don’t believe their employees are capable of understanding basic security best practices.) True, 146 days still is a long time to detect a breach – that’s almost five months! – but it is better than more than a year. It is heartening to hear that companies are making progress.
Yet, that improvement isn’t good enough for IT professionals. According to new research from Lumeta, 90 percent of IT pros want to see threat detection whittled down from 146 days to one. However, as Security Magazine pointed out, this is easier said than done because companies don’t have the systems in place for that high level of detection:
Nearly one-half of respondents say there are key impediments to attaining network visibility: 48 percent said the lack of comprehensive security intelligence available across the network, while 49 percent of respondents cited their inability to monitor every device on the network, particularly mobile or cloud instances.
What makes it difficult to detect impending threats are all of those endpoints – mobile and cloud, in particular. Two-thirds of the IT professionals surveyed admit that quickly detecting potential threats on expanding endpoints is difficult. I expect this problem to continue as more Internet of Things devices are connected to the corporate network.
Until there are stricter controls over the multitude of endpoints, early detection is going to remain a struggle. And until early detection is possible across all devices and access points, we aren’t going to narrow down breach detection to within 24 hours of an attack. But as organizations introduce more effective security systems and encourage better security practices by everyone with network access, I don’t see why Mandiant’s eighth annual report can’t show even better post-breach detection times.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba.