One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 455328 |
| Date de publication | 2018-01-03 14:00:00 (vue: 2018-01-03 14:00:00) |
| Titre | Fileless Attacks are Driving Up Security Complexity & Costs |
| Texte |
If you feel like it’s getting harder and more expensive to protect your company from cyber attacks, you’re not alone. From streamlined startups to global enterprises, organizations in every industry are feeling the crunch as the threats they’re facing rapidly evolve.
The Ponemon Institute’s 2017 State of Endpoint Security Risk report provides a thorough and enlightening overview of what’s happening. Now in its fifth consecutive year, this highly regarded report analyzes survey responses from more than 600 IT and security practitioners located in the United States. This year’s edition highlighted a few startling stats as well as some unsettling trends.
What won’t surprise most IT professionals is that the threat of endpoint security risk has increased, due to both the rising number of attacks and the evolution of attack techniques. Also on the rise is the cost of attacks. Based on data collected for the report, the average total hard cost of a successful attack is more than $5 million, including IT and end-user productivity loss, system downtime, theft of information assets, and a variety of other damages.
What may be overlooked, however, is that the complexity and day-to-day cost of defending against these attacks is becoming increasingly prohibitive.
Evolving Attack Techniques Drive Higher Day-to-Day Prevention Costs
Attackers are changing their approach based on what’s working. Looking at data for the past 12 months, the Ponemon report found that 54 percent of respondent organizations experienced one or more endpoint attacks that successfully compromised data assets and/or IT infrastructure. Of those successful attacks, 77 percent involved fileless techniques designed to evade detection by abusing legitimate system tools or launching malicious code from memory.
Fileless techniques have long been used by sophisticated hacking groups, who typically aim their attacks at high-level targets like governments and large corporations. It was only a matter of time before these techniques were more widely adopted by cyber criminals. Now, because fileless attack techniques are expressly designed to exploit gaps in traditional security solutions, organizations large and small are finding themselves vulnerable.
The urgent need to adapt existing protection to address fileless techniques is one of the primary factors driving up prevention costs. To begin with, the rapid proliferation of these types of attacks has caused organizations to lose faith in traditional antivirus (AV) security measures. As a result, companies are either replacing or supplementing their existing AV with new endpoint protection solutions. Unfortunately, because the majority of these options were designed to be used by large enterprise security teams they are typically too expensive and complex for mid-market organizations.
Not only do these products incur up-front implementation costs in the form of professional installation services and other expenses, they also typically increase ongoing management costs because of things like:
Greater expertise requirements: As traditional security solutions struggle to adapt to the new threats, both they and new entrants into the market are rolling out new features and functionality that make management more complex. This in turn can create additional service costs and also higher staffing fees as companies find they need to hire more senior IT security professionals to manage the advanced solutions.
Additional time and resources spent on monitoring: The majority of solutions t |
| Envoyé | Oui |
| Condensat | designed 2017 600 abusing action activity adapt adding additional address addressing admins adopt adopted advanced after against aim alerts alienvault all alone already also amounts analyze analyzes and/or antivirus approach are aren’t asked assets attack attackers attacks attempting average barkly based basis because becoming been before begin between biggest both budget built burdensome businesses can category caused changing chase code collected companies company completely complex complexity compromise compromised concrete consecutive corporations cost costs create creating criminals crunch current cyber damage damages data day dedicated defending deliver designed detect detection develop disparate distinguish doing download downtime drive driving due easy edition either end endpoint enlightening enterprise enterprises entrants evade every evolution evolve evolving existing expenses expensive experienced expertise exploit expressly facing fact factors faith fall false features feel feeling fees fifth fileless find finding flooded form found from front full functionality gaps gather get getting global good governments greater groups hacking had happening hard harden harder has have helpful here high higher highlighted highly hijack hire how however identify implementation including increase increased increasingly incur indicators industries industry information infrastructure insights installation institute’s involved it’s its just large launching legitimate level like like: located long looking lose loss made majority make malicious manage management many market massive matter may measures memory mid million monitoring: months more most need networks new news not now number often one ones ongoing only options organizations other out outlined overlooked overview own past percent ponemon positive positives positives: practitioners prepared prevention previously primarily primary priority problems processes productivity products professional professionals prohibitive proliferation properly protect protected protection provides rapid rapidly reacting regarded regular replacing report requirements: resources respond respondent respondents response responses result rise rising risk rolling said security senior service services sizes small solutions some sophisticated sources spent staffing startling startups state states statistics stats steps streamlined strong struggle successful successfully supplementing surprise survey system take targets teams techniques than theft them themselves then these they’re things thorough those threat threats time too tools total towards traditional transitioning trends turn types typically unfortunately united unnecessary unsettling urgent use used user valid variety vulnerable we’ve well what what’s when who widely without won’t work working year year’s you’re your zeroes |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.