SANS surveyed 829 IT professionals with endpoints located around the globe to explore how IT professionals monitor, assess, protect and investigate their endpoints. A majority of respondents were security analysts (34 percent), followed by security managers or CISOs (16 percent) and IT managers or CIOs (15 percent).
Attackers are gaining access to valuable, sensitive data, such as login and access credentials. This data can be used to further compromise networks and gain access to sensitive information on employees, customers and company intellectual property and trade secrets. Other highly compromised data included email files (28 percent) and sensitive customer or employee data (17 percent).
The survey results highlight the need for a more proactive approach to detecting threats and compromises. While 44 percent of respondents said that their endpoint systems have been compromised within the last 24 months, 15 percent reported that they didn’t know how many threats were detected through proactive hunting.
For the second year in a row, more than a quarter of respondents were notified of a breach by a third party.
Critical data: key findings
Detection – Forty-one percent said they were unable to acquire information about unauthorized sensitive data that they need to detect threats. An additional 39 percent reported they are unable to acquire endpoint data from memory-based artifacts and 33 percent were unable to access data on finger print running applications.
Response – A majority of professionals (74 percent) want results from endpoint queries in an hour or less and 38 percent want that data in five minutes or less. This once again underscores that the ability to quickly conduct investigations is a top priority for companies.
Remediation – Sixty-five percent of respondents said that determining the impacted data on breached endpoints and determining the scope of a threat across multiple endpoints was impossible. Limited visibility into the impact of a breach will negatively impact an organization’s ability to remediate the damage.