First Edition of The Post Breach Industry Report Reveals What Attackers Do Once Bypassing Perimeter Defenses
Vectra Networks, a leader in real-time detection of in-progress cyber-attacks, today announced the results of the first edition of The Post Breach Industry Report, an industry study using real-world data from enterprise networks to reveal what attackers do within a network once they evade perimeter defenses.
The Post Breach Industry Report collected data over five months from more than 100,000 hosts within sample organizations to gain a deeper understanding of breaches that inevitably bypass perimeter defenses, and what attackers do once inside networks. The study found that more than 11,000 hosts experienced one or multiple cyber-attacks that made it through perimeter defenses. Of these attacked hosts, 10 percent had detections for two or more attack phases – such as botnet monetization, command and control, reconnaissance, lateral movement and exfiltration.
Overall, 15 percent of hosts in the participating organizations experienced a targeted attack. Once the attackers established a stronghold, they performed reconnaissance via internal port scans, lateral movement using brute force attacks, remote control of the attack with command and control communication, and exfiltration through hidden tunnels.
“While many industry reports study perimeter defenses and app/web usage by authorized users on the network, The Post Breach Industry Report is the industry’s first which studied how many attacks successfully bypass perimeter security, and what attackers do once they gain network access,” said Oliver Tavakoli, CTO of Vectra Networks, whose threat detection and reporting technology was used to gather organizations’ information for the study. “Cyber-attacks are increasingly sophisticated, highly organized, and successful despite $60 billion invested in cyber security annually worldwide. All of the attack phases detected are ones that evaded organizations’ perimeter and endpoint security systems.”
A copy of the study can be found at http://info.vectranetworks.com/post-breach-industry-report.
Additional key findings of the study include:
The Post Breach Industry Report evaluates detection data from Vectra’s X-series platforms deployed in production networks. Vectra Networks detects attacks at every phase of an ongoing attack, regardless of how the attack enters an organization’s network and the application, operating system or device involved. The platform continuously monitors an organization’s network and provides automated, intuitive and prioritized reporting so security analysts can address the highest business risks quickly. The selected organizations in this study operate in a variety of industries, including technology, financial services and higher education.
Vectra Networks is the leading innovator in real-time detection of in-progress cyber-attacks. Vectra delivers continuous automated cyber-attack detection and reporting that instantly identifies attacks while they are happening and describes what the attacker is doing. Vectra automatically prioritizes attacks that pose the greatest business risk, enabling organizations to quickly make decisions on where to focus their time and resources. Vectra Networks’ investors include Khosla Ventures, Accel Partners, IA Ventures and AME Cloud Ventures. The company’s headquarters are in San Jose, Calif. More information can be found at www.vectranetworks.com.
###Vectra Networks is a registered trademark of Vectra Networks in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.
Report: A vulnerable attack surface exists in healthcare enterprise IT networks
Vectra named a Representative Vendor in the inaugural Gartner Market Guide for Network Traffic Analysis
Ardagh Group selects Vectra AI to acceleratethreat detection and investigation