news
Research finds 91% reduction in dwell time
for deception users
enterprise network when compared to those unfamiliar
with the technology. Other studies conducted by incident
response service providers or endpoint detection and
response vendors suggest an average of 78 to over 100
days, while survey respondents that are highly familiar
users of deception technology reported dwell times as low
as 5.5 days.
A total of 70% of respondents highly familiar with
and currently using deception technology rated their
organisations as highly effective as compared to 49%
reported from the aggregate of all users, including
deception technology users.
ttivo Networks, an award-winning leader in
deception for cybersecurity threat detection, has
announced the availability of a new research report,
conducted by Enterprise Management Associates (EMA) and
commissioned by Attivo Networks, that explores attitudes
and views of deception technology in the enterprise.
A
The research uncovered contrasts between users and
non-users of deception technologies. One of the most
significant findings is that users of deception technology
reported a 12X improvement in the average number of
days it takes to detect attackers operating within an
“Quantifying the ROI of security controls can be extremely
challenging and is often tied to overall breach metrics
that can be heavily debated,” said Carolyn Crandall, Chief
Deception Officer and CMO of Attivo Networks.
“This survey is particularly interesting in that it quantifies
the specific value derived and the sentiment of deception
technology users compared to non-users.”
To download the report, visit A Definitive Market Guide to
Deception Technology.
‘FORMJACKING’ SOARS AS HACKERS HIT
CONSUMERS AT CHECKOUT
nline forms such as login pages and shopping
baskets are increasingly hijacked by cybercriminals
hunting for personal financial information (PFI),
according to new research from F5 Labs. F5 Labs’ Application
Report 2019 examined 760 breach reports and discovered
O
that formjacking, which siphons data from the customer’s web
browser to an attacker-controlled location, remains one of the
most common web attack tactics. F5 Labs’ data discovered
that the method was responsible for 71% of all analysed web-
related data breaches throughout 2018.
“Formjacking has exploded in popularity over the last two
years,” said David Warburton, Senior Threat Evangelist, F5
Networks. “Web applications are increasingly outsourcing
critical components of their code, such as shopping carts and
card payment systems, to third parties. Web developers are
making use of imported code libraries or, in some cases, linking
their app directly to third party scripts hosted on the web.
“As a result, businesses find themselves in a vulnerable
position as their code is compiled from dozens of different
sources – almost all of which are beyond the boundary of
normal enterprise security controls. Since many web sites
make use of the same third-party resources, attackers know
that they just need to compromise a single component to skim
data from a huge pool of potential victims.”
www.intelligentciso.com
|
Issue 18
9