LATEST INTELLIGENCE
Automating endpoint detection and
response solutions is the top priority for IT
professionals trying to put actionable controls
around their endpoints, according to the SANS 2018
survey on endpoint protection and response.
Automating and integrating workload across the
detection and response cycle is critical as endpoint
systems of every type, including Industrial IoT (IIoT)
devices, are under constant attack.
As in our past surveys, user endpoints in particular
continue to be a persistent problem for organisations.
Most successful endpoint compromises still leverage
human factors, such as social engineering/phishing,
web drive-bys and ransomware. This year’s survey
results also show a slight increase in USB-based
infections as the initial attack vector.
Although antivirus was the tool most commonly
used to detect the initial vector of attack, only
47% of attacks were detected this way. Other
attacks (32%) were detected through automated
SIEM alerts and network analysis, and 26% were
detected through EDR (endpoint detection and
response) platforms.
Yet, detection technologies that look at user and
system behaviour or provide context awareness were
much less involved in detecting breaches.
Only 23% of respondents’ compromises were
detected through attack behaviour modelling and
only 11% through behaviour analytics.
Because user and machine behaviours are the cause
of most endpoint breaches, these technologies are
critical for endpoint detection and response.
www.intelligentcio.com