Cisco released its 2018 Annual Cybersecurity Report (ACR) on Feb. 21, revealing insights from its own efforts, as well as a survey of 3,600 Chief Information Security Officers (CISOs).
Among the high-level findings in the 68-page report is that 39 percent of organizations stated they rely on automation for their cyber-security efforts. Additionally, according to Cisco’s analysis of over 400,000 malicious binary files, approximately 70 percent made use of some form of encryption. Cisco also found that attackers are increasingly evading defender sandboxes with sophisticated techniques.
“I’m not surprised attackers are going after supply chain, using cryptography and evading sandboxed environments, we’ve seen all these things coming for a long time,” Martin Roesch, Chief Architect in the Security Business Group at Cisco, told eWEEK. “I’ve been doing this for so long, it’s pretty hard for me to be surprised at this point.”
Roesch did note however that he was pleasantly surprised that so many organizations are now relying on automation, as well as machine learning and artificial intelligence, for their cyber-security operations.
“If you want to make use of a lot of security data quickly, you have to make use of a fair amount of automation,” Roesch said.
Roesch also noted that the ACR highlights the fact that organizations are using more cyber-security products from more vendors than ever before. In 2017, 25 percent respondents reported that they used cyber-security technologies from 11 to 20 vendors, up from 18 percent in 2016.
Exposed Systems
Among the different types of security concerns analyzed in the ACR is the issue of exposed development systems. Franc Artes, Architect, in the Security Business Group at Cisco said that DevOps servers including MongoDB, CouchDB, Memcache and Elasticsearch were left wide open by organizations in 2017, enabling potential attackers to easily extract information.
“We see that DevOps organizations are building quickly, but while they are scaling they are not unfortunately making sure they have hardened their systems,” Artes said.
Cisco’s ACR also examined the issue of cyber-security alerts and how organizations respond to them. Cisco found that 93 percent of organizations had at least one security alert in 2017, though only 56 percent of alerts were actually investigated. Looking at the alerts that were investigated, Cisco reported that only 34 percent were considered to be legitimate.
Getting alerts is one thing, while actually being able to detect real threats is another. A key metric that Cisco tracks for itself is the time to detection (TTD) for threats. In 2016, Cisco reported that its annual median TTD for new threats was 14 hours. That figured improved significantly in 2017, dropping down to 4.6 hours.
The post Cisco Report Finds Organizations Relying on Automated Cyber-Security appeared first on Statii News.
source http://news.statii.co.uk/cisco-report-finds-organizations-relying-on-automated-cyber-security/
No comments:
Post a Comment