
5 Findings from the 2019 Cyberthreat Defense Report


The CyberEdge Group recently released its 2019 Cyberthreat Defense Report (CDR), capturing the current perceptions of IT security professionals from 17 countries, 6 continents, and 19 industries. The report, co-sponsored by Illusive, delivers unique insight into their views of cyberthreats, current defenses, and planned security investments.

The report touches on many topics, and here are some of the findings we found noteworthy.

1. The need to prioritize prevention through vulnerability management. There’s no question that patch management plays a key role in reducing data breaches due to malware. Although 78.7% of the report respondents felt they’d improved patch and vulnerability management to some degree, the CDR implores people to: “… consider new policies, processes, and technologies designed to help mitigate risk by reducing the network’s attack surface.” Reading between the lines, the implication is that by eliminating the conditions that attackers exploit, some strain can be taken off the attack detection front.” We agree that prevention should be prioritized and that patching is hugely important, but traditional vulnerability management is only one front in reducing the attack surface. Companies can have hidden exposure, caused by rogue credentials and connections that attackers use to get to valuable systems in the first place. Addressing conditions that accelerate lateral movement is also key to reducing the attack surface, and therefore risk to the business.

2. The ongoing modernization of identity and access management. The CDR data shows, as expected, that organizations are stepping up their legacy IAM programs with new technologies and approaches. For example, over 80% are either already using or planning to use identity-as-a-service, presumably to help ease some of the pain of keeping access rights up to date. Over 75% currently invest or will soon invest in federated identity management. And the biggest new investment area is biometrics. Given that most attackers leverage real user identities to execute and progress their attacks, Identity Access Management (IAM) as a discipline continues to be a pillar of cybersecurity and needs to adjust to the evolution of tech-driven business.

But here the credential hygiene issue comes up again. The controls side of IAM is only part of the equation. No matter how perfect access controls are, normal, authorized use of credentials helps make a friendly environment for attackers—unless there is also a healthy dose of hygiene. Credentials, the fuel that attackers harvest to move laterally, get cached on systems and within applications. The function of cleaning up credential debris is an important complement to IAM.

3. The need for risk quantification. The CDR report acknowledges the huge challenge of adequately assessing and rating cyber posture in terms that are meaningful to the business, not just the IT team. Traditional risk assessment methods are expensive, time-consuming, and typically only capture a time-limited snapshot. Vendors can and should do a better job of providing what relevant data and perspectives they can to help security managers quantify risk in relevant ways—and provide features that help security operators make risk-aware decisions during their everyday work. Illusive contributes by mapping pathways to “crown jewels” and providing risk-weighted data to help organizations understand where high-risk connectivity can be cut to reduce exposure of critical systems. This same context is also provided when an attacker is present; after all, the distance an attacker is from critical systems should ideally determine what steps are taken in response.

4. Deception is a leading “planned for acquisition” technology in 2019. Deception technology ranks near the top of organizations’ “to buy” lists. In application and data security technologies planned for acquisition, deception technology ranks second at 36.8%, behind API gateways (38.8%). Deception technology also scores the third-highest increase in adoption (+2.0%) in 2019, behind SSL/TLS decryption platforms (+4.4%) and advanced malware analysis/sandboxing (+3.7%).

5. And the “it’s no surprise, but…”. New this year, the CDR found that “IT security’s greatest inhibitor to success is contending with too much security data.” There is simply too much incident data, too many system logs, too many false positives, and woefully undersized security teams that not only lack the capacity to analyze everything but also lack enough advanced cybersecurity skills.

How Illusive Can Help

Illusive Attack Surface Manager (ASM) enables IT to continuously find and automatically remove cached credentials, connection violations, and high-risk pathways across the infrastructure. Forgotten, lost, unused, or mismanaged admin credentials and access privileges can no longer remain hidden. For a limited time, Illusive is offering Attack Surface Manager through a special ASM Spotlight offer. Organizations of any size or budget can stand it up in hours to gain immediate visibility into their attack surface.

Illusive deceptions form the basis of the Illusive Attack Detection System (ADS). Agentless and intelligence-driven, Illusive ADS deception technology enables you to detect and disrupt cyberattackers no matter where they start. When Illusive ADS detects an attack, the security team immediately knows that it is real, where it is, and what is happening.

High-fidelity alerts generated through a deception-based approach also help alleviate the problem of too much data, as does Illusive’s Attack Intelligence System. It delivers forensics from both the endpoint where the attacker is operating and from target systems to observe the attacker in a safe environment. It’s a wealth of data—but it’s the precise data pertinent to the attack, rolled up into an easy-to-use, time-stamped, sortable format in real time for focused response.
