Majority of Attacks Successfully Infiltrate Without Detection and More in Mandiant Security Effectiveness Report 2020

Organizations have been managing
security based on assumptions and best guesses for decades. However,
these assumptions have resulted for many in financial and operational
inefficiencies, defensive regression and an inability to determine if
organizations are actually making the right decisions for their
security posture.

The 2020 edition of our Mandiant
Security Effectiveness Report
 explores this topic further,
revealing insights into (and data about) how well organizations are
protecting themselves against the growing number of cyber threats and
attacks, and the overall effectiveness of their security infrastructure.

The Results: Alerts Were Generated for Only 9% of Attacks

Every organization’s environment is unique, complex and always
changing, and in the report we uncovered some interesting results. For
instance, we found that while organizations invest large sums in
security controls and assume that their business-critical assets are
fully protected, the reality is that attackers are successfully
infiltrating the majority (53%) of environments without being
detected. We found that 26% of attacks successfully infiltrated
environments but were detected, and 33% of attacks were prevented by
security tools. Alerts were generated for only 9% of attacks,
demonstrating that most organizations and their security teams do not
have the visibility they need into serious threats, even when they use
central SIEM, SOAR and analysis platforms.

The Mandiant Security Effectiveness Report 2020 also takes a
deeper look into techniques and tactics used by attackers, as well as
the primary challenges most commonly uncovered in enterprise
environments through security validation and conducting testing:

  • Reconnaissance: In testing network traffic, organizations
    reported only 4% of reconnaissance activity generated an alert
  • Infiltrations & Ransomware: 68% of the time,
    organizations reported their controls did not prevent or detect the
    detonation within their environment
  • Policy Evasion: 65% of the time, security environments were
    not able to prevent or detect the approaches being tested
  • Malicious File Transfer: 48% of the time, controls in place
    were not able to prevent or detect the delivery and movement of
    malicious files
  • Command & Control: 97% of the behaviors executed did not
    have a corresponding alert generated in the SIEM
  • Data Exfiltration: Exfiltration techniques and tactics were
    successful 67% of the time during initial testing
  • Lateral Movement: 54% of the techniques and tactics used to
    execute testing of lateral movement were missed

What Organizations Need to Do Now

There are actions organizations can take to break out of this
assumption cycle. They need to continuously monitor and measure
security effectiveness, and to do that, they need empiric evidence in
order to specifically identify the gaps, how to address them, and
improve people, process and technology. Measuring cyber security
effectiveness is a continuous process, and doing so successfully
requires the right technology tools—such as Mandiant
Security Instrumentation Platform
, which removes the assumptions
so that organizations can validate and optimize their security programs.

Check out the full
press announcement
now. Interested in learning how to validate
controls against current and actual attacks? Check out our blog
posts: Addressing
the Perception Versus Reality Conundrum
and Cyber
Risk and Security Effectiveness in the Digital Age

Register today for webinar, 5
Steps to Security Validation
, where Major General Earl Matthews
USAF (Ret) discusses how to move beyond assumptions with automated and
continuous security controls validation; identify and measure
vulnerability gaps; manage and suggest remediation steps by arming
security practitioners with meaningful evidence; and validate an
organization’s ability to defend itself by using real adversary behaviors.

And of course, download a full copy of the
Security Effectiveness Report 2020
, including a list of
the 10 fundamentals for successful cyber security effectiveness validation.