53% of attacks infiltrate enterprise environments without detection
Research reveals that 65 per cent of the time, security environments were not able to prevent or detect the approaches being tested
FireEye Mandiant Security Effectiveness Report 2020 which reveals data about how well organisations are protecting themselves against cyber threats and the overall effectiveness of their security infrastructure.
The report reveals that while organisations continue to invest significant budget dollars in security controls and assume that this means assets are fully protected, the reality is that a majority of the tested attacks successfully infiltrated the organisations’ production environments without their knowledge.
In the tests, 53% of attacks successfully infiltrated environments without detection. 26% of attacks successfully infiltrated environments but were detected, while 33% of attacks were prevented by security tools. Alerts for only 9% of attacks were generated, demonstrating that most organisations and their security teams do not have the visibility they need into serious threats, even when they use central SIEM, SOAR and analysis platforms.
Chris Key, senior vice president at Mandiant Security Validation, said: “Our research shows that while the majority of companies assume they’re protected, the truth is that more often than not, they are exposed. Using automated security validation integrated with the latest threat intelligence and frontline expertise, we can help customers validate the health of their infrastructure by testing against threats that are most likely to target their organisation. This combination is not only a powerful defensive measure, but it also helps companies prioritise investments where they will have the most impact.”
The report summarises the results of thousands of tests performed by experts from the Mandiant Security Validation (previously known as Verodin) team. The tests consisted of real attacks, specific malicious behaviors, and actor-attributed techniques and tactics run in enterprise-level production environments representing 11 industries against 123 market-leading security technologies -- including network, email, endpoint, and cloud solutions.
Additionally, the report includes guidance to help organisations ensure that their security controls perform as expected by implementing a strategy that includes continuous security validation.