Vectra Networks, a leader in real-time detection of in-progress cyber-attacks, has announced the results of the first edition of The Post Breach Industry Report, an industry study using real-world data from enterprise networks to reveal what attackers do within a network once they evade perimeter defenses.
The Post Breach Industry Report collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses and what attackers do once inside networks. The study found that more than 11,000 hosts experienced one or multiple cyber-attacks that made it through perimeter defenses. Of these attacked hosts, 10 percent had detections for two or more attack phases – such as botnet monetization, command and control, reconnaissance, lateral movement, and exfiltration.
Overall, 15 percent of hosts in the participating organizations experienced a targeted attack. Once the attackers established a stronghold, they performed reconnaissance via internal port scans, lateral movement using brute force attacks, remote control of the attack with command and control communication, and exfiltration through hidden tunnels.
Featured Download: Social media access at work. Do your employees know the rules?
“While many industry reports study perimeter defenses and app/web usage by authorized users on the network, The Post Breach Industry Report is the industry’s first which studied how many attacks successfully bypass perimeter security, and what attackers do once they gain network access,” said Oliver Tavakoli, CTO of Vectra Networks, whose threat detection and reporting technology was used to gather organizations’ information for the study. “Cyber-attacks are increasingly sophisticated, highly organized, and successful despite $60 billion invested in cyber security annually worldwide. All of the attack phases detected are ones that evaded organizations’ perimeter and endpoint security systems.”
A copy of the study can be found at .
Additional key findings of the study include:
· Eighty-five percent of attacks experienced by the sample organizations were opportunistic attacks. Two percent of the hosts experiencing an opportunistic attack were being used to spread botnet malware to other computers within the organization.
· Fifteen percent of attacks experienced by the sample organizations were targeted attacks. Two percent of these hosts under targeted attack were breached to the exfiltration stage, where the attacker was preparing to steal data.
· Seven percent of hosts had both botnet and exfiltration detections, which indicates possible theft of credentials for use in a subsequent targeted attack against the sample organization or other organizations.
The Post Breach Industry Report evaluates detection data from Vectra’s X-series platforms deployed in production networks. Vectra Networks detects attacks at every phase of an ongoing attack, regardless of how the attack enters an organization’s network and the application, operating system or device involved. The platform continuously monitors an organization’s network and provides automated, intuitive and prioritized reporting so security analysts can address the highest business risks quickly. The selected organizations in this study operate in a variety of industries, including technology, financial services and higher education.
About Vectra Networks
Vectra Networks is the leading innovator in real-time detection of in-progress cyber-attacks. Vectra delivers continuous automated cyber-attack detection and reporting that instantly identifies attacks while they are happening and describes what the attacker is doing. Vectra automatically prioritizes attacks that pose the greatest business risk, enabling organizations to quickly make decisions on where to focus their time and resources. Vectra Networks’ investors include Khosla Ventures, Accel Partners, IA Ventures and AME Cloud Ventures. The company’s headquarters are in San Jose, Calif. More information can be found at www.vectranetworks.com.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.