Vectra AI has released a report on “The Evolving role of Network Detection and Response (NDR)”. It highlights why today’s security teams find it increasingly difficult to detect and stop cyber threats targeting their organizations. The research found that 70% of organizations have fallen victim to an attack that used encrypted traffic to avoid detection. Almost half (45%) admitted they’ve fallen victim multiple times. Worryingly, two thirds (66%) still don’t have visibility into all their encrypted traffic, leaving them highly vulnerable to further encrypted attacks.
The report shows that cybersecurity and networking professionals are struggling against rapidly increasing threat detection and response workloads, preventing analysts from dealing with sophisticated threats. Key findings include:
- 45% of cybersecurity and networking professionals feel threat detection and response workloads have increased – 40% citing more resources in the cloud, and 36% more devices on the network
- 37% believe sophistication of threats has increased making it difficult for analysts to spot legitimate attacks
- 69% agree that the lag between exploitation and detection gives attackers too much time to breach a network – with 29% also citing communication issues between SOC and other IT teams
- 23% believe SOC analysts do not have the right level of skills, and one-in-five (18%) believe they’re understaffed – suggesting security analysts are not equipped to deal with the scale of cyberattacks they face
- 60% of SMBs feel threat detection and response is now harder – showing smaller organizations are struggling to keep pace with the evolving cybercrime landscape
“Organizations face a barrage of threats on all fronts – in their network, cloud and IT environments – while cybercriminals use techniques like encryption to breach firms undetected. What’s more, many don’t have the skills or staff to deal with increasing security workloads,” comments Mark Wojtasiak, VP Product Strategy at Vectra. “To stem the tide against them, security teams need total visibility into their environments, so they can spot the signs of an attack before it becomes a breach. By empowering analysts with AI-driven Attack Signal IntelligenceTM, organizations can prioritize otherwise unknown and urgent threats that pose the greatest risk to the business. This improves analyst throughput by reducing alert noise, and arms them to reduce risk and keep organizations safe.”