Illusive Networks®, the leader in deception-based threat detection, today announced the release of a new research report carried out by leading IT analyst firm Enterprise Management Associates (EMA) and funded by Illusive Networks, exploring user opinion and awareness about deception technology.
The research discovered a vast gulf in incident response times between those who have deployed deception technology on their networks and those who haven’t. Most crucially, the study found that enterprises leveraging deception detected attackers lurking within their networks 12 times faster than those who were unacquainted with the technology.
The EMA study, available here, based on over 200 interviews with cybersecurity and IT professionals about their use of deception technology as part of their threat defense strategy, found that the mean time to detect threats inside an organization’s networks was over sixty days, compared with only five and a half days using deception. In addition, 70% of respondents that considered themselves highly familiar with deception technology rated their organizations as highly effective at detecting in-network threats, whereas that figure was only 49% when also including users less familiar or unaware of deception technology.
Overall, the research found that the use of deception continues to gain acceptance among the most forward-leaning security operations teams that are trying to get out ahead of attackers and keep them from doing serious damage. Other key findings from the report:
28% of respondents described their organization’s approach to cybersecurity as striving to be “at the forefront of cybersecurity innovation,” and 70% of those groundbreaking organizations cited high or good familiarity with deception technology, confirming deception’s status at the bleeding edge of cybersecurity threat detection and mitigation.
While respondents found that deception addressed a wide range of use cases, with 19 cited in the survey, a clear majority (67%) of those evaluating or planning to evaluate deception technology indicated that their primary use case for the solution is to detect in-network threats as early as possible in the threat lifecycle.
Deception was considered by the survey respondents as the most effective technology for detecting insider threats, tied with next-generation endpoint security at 30% and beating out such established technologies as user and entity behavior analytics (UEBA) at 24%, security information and event management (SIEM) at 23% and DLP/data classification (also at 23%), among many others.
Respondents chose a diverse array of unique benefits and values that they believed deception technology provides, countering some industry perceptions that deception only delivers a limited set of truly exceptional advantages for those who adopt it. The top five benefits cited were faster incident response at 13%, detection of basic and advanced threats regardless of techniques (12%), more actionable alerts (12%), intelligence on attacker movement techniques and targets (12%), and visibility to attack paths and credential vulnerabilities (12%).
The survey found that deception technology doesn’t just help shut down attackers before they can do any real damage and prevent attacks of similar nature in the future. It also is extremely useful for sharing threat intelligence with other security tools and plays a key role as part of an in-depth defense strategy. Seventy-three percent of deception users leverage the technology to augment existing security controls, with SIEM (13%) and IDS/IDP/IPS (11%) leading the pack. Furthermore, 12% of deception users directly integrated deception into their vulnerability management systems and network blocking solutions, and eight other technology integrations for deception were also cited in the study.
“The constant stream of high-profile breaches making headlines show that cyberattackers continue to leverage high dwell times to move laterally towards the critical data they want to steal,” notes Paula Musich, the research director in security and risk management at Enterprise Management Associates. “The fact that deception technology has been found to reduce attacker dwell time by over 90% is a significant sign of cybersecurity progress that organizations should take seriously.”
“Cybersecurity has traditionally been like a game of Whack-a-Mole – as soon as organizations tamp down one threat, up pops another one,” notes Ofer Israeli, Founder and CEO of Illusive Networks. “This EMA research makes clear that deception truly turns the tables on attackers, forcing them to reveal themselves much earlier from the breach beachhead, finally stacking the odds in defenders’ favor.”
Access the report, “A Definitive Market Guide to Deception Technology,” and take a deep dive into the benefits of implementing deception by visiting: https://go.illusivenetworks.com/ema-deception-technology-market-guide
Research Methodology
Illusive Networks and several other deception technology vendors sponsored this research carried out by Enterprise Management Associates (EMA). EMA gathered data in June 2019 from 208 respondents whose organizations primarily serve customers in North America and a majority of whom work in IT/IS/telecom or cybersecurity roles within the IT organization.
Illusive Networks®, was just named Recommended Product in SC Media’s wide-ranging review of deception network tools. SC Labs awarded the Illusive platform 5-stars in all rating categories; features, documentation, value for money, performance, support, and ease of use. For a full copy of the SC Lab report, please visit https://go.illusivenetworks.com/sc-labs-recommended-deception-product
About Illusive Networks
Illusive Networks empowers security teams to reduce the business risk created by today’s advanced, targeted threats by destroying an attacker’s ability to move laterally toward critical assets. Illusive reduces the attack surface to preempt attacks, detects unauthorized lateral movement early in the attack cycle, and provides rich, real-time forensics that enhance response and inform cyber resilience efforts. Agentless and AI-driven, Illusive technology enables organizations to proactively intervene in the attack process, avoid operational disruption and business losses, while functioning with greater confidence in today’s complex, hyper-connected world.
For more information, visit www.illusivenetworks.com