Cybersecurity has long been a domain of innovation but is reaching a point of diminishing returns. According to Gartner, end-user spending for the information security and risk management market is estimated to grow at a compound annual growth rate of 8.7% from 2020 through 2025 to reach $213.7 billion in U.S. dollars.
VMware believes the answer is not some new security product or feature, or a different type of analytics. What’s needed are structural and architectural changes to how organizations approach security.
VMware Security enables customers to implement zero trust with fewer tools and silos, and scale response with confidence, speed, and accuracy by joining the critical control points of users, devices, workloads, and networks and delivering security as a built-in distributed service.
VMware Security enables customers to better detect and respond to exposures and attacks quickly; remediate known and potential threats faster; simplify security operations; and make more effective use of resources.
New threat landscape report highlights extent of threats evading perimeter defenses
Highlighting the need for a new approach, particularly inside the perimeter, is a newly released threat landscape report from the VMware Threat Analysis Unit. In “North-by-South-West: See What Evaded Perimeter Defenses,” the findings are clear: despite an array of perimeter defenses being deployed, malicious actors are actively operating in the network.
The research presents a clear picture of how attackers evade perimeter detection, infect systems, and then attempt to spread laterally across the network to execute their objective. Key insights include:
The best offense is to evade defense: Evasion of defense systems is the most encountered MITRE ATT&CK tactic used by malware, followed by execution and discovery. More than half of the network anomalies detected are unusual beaconing, followed by connections on suspicious ports and anomalous connections between two hosts.
When it’s commonly used, it’s commonly abused: Email continues to be observed as the most common attack vector for gaining initial access, with more than four percent of all business emails analyzed containing a malicious component. Attackers appear to be massively scaling up operations via email campaigns weaponizing ZIP file attachments with malicious content. More than half of all malicious artifacts analyzed were delivered by a ZIP archive. Finally, more than 75 percent of lateral movement events identified were conducted using Remote Desktop Protocol (RDP), often using stolen credentials to log in to other hosts on the network.
In with the new (but not out with the old): The most common bad security practice observed is the transmission of clear-text passwords over the network, which can hand attackers the keys to the kingdom, enabling them to move laterally and exfiltrate data. Additionally, events associated with crypto mining activity account for a quarter of all known threats observed, signaling a new threat vector that is emerging.
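The three network findings above (regular beaconing, connections on unexpected ports, and RDP between internal hosts) are the kind of signals an internal-network detector looks for. The following Python script is an added example written for this page; it is not code from the report or from VMware, and it uses constructed flow records, a constructed internal range (10.0.0.0/8), a constructed port allowlist and a hypothetical admin jump host (10.0.0.2) purely so it runs offline. Beaconing is scored by the coefficient of variation of inter-connection gaps per (source, destination, port) tuple, which is one common heuristic rather than the report's own method.

```python
import ipaddress
import statistics
from collections import defaultdict

# Constructed flow records: (epoch seconds, source IP, destination IP, destination port).
# Synthetic data so the example runs offline; not from the report.
SAMPLE_FLOWS = [
    # 10.0.0.5 contacting 203.0.113.7:443 exactly every 60 s: a beaconing pattern
    (0, "10.0.0.5", "203.0.113.7", 443),
    (60, "10.0.0.5", "203.0.113.7", 443),
    (120, "10.0.0.5", "203.0.113.7", 443),
    (180, "10.0.0.5", "203.0.113.7", 443),
    (240, "10.0.0.5", "203.0.113.7", 443),
    (300, "10.0.0.5", "203.0.113.7", 443),
    # 10.0.0.8 browsing a site at irregular intervals: ordinary user traffic
    (5, "10.0.0.8", "198.51.100.20", 443),
    (9, "10.0.0.8", "198.51.100.20", 443),
    (70, "10.0.0.8", "198.51.100.20", 443),
    (71, "10.0.0.8", "198.51.100.20", 443),
    (200, "10.0.0.8", "198.51.100.20", 443),
    (260, "10.0.0.8", "198.51.100.20", 443),
    # 10.0.0.5 reaching out on a port outside the allowlist
    (310, "10.0.0.5", "203.0.113.7", 4444),
    # workstation-to-workstation RDP inside the network
    (320, "10.0.0.5", "10.0.0.9", 3389),
    (330, "10.0.0.9", "10.0.0.11", 3389),
    # RDP from the (hypothetical) admin jump host: expected, not flagged
    (340, "10.0.0.2", "10.0.0.11", 3389),
]

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")      # constructed internal range
EXPECTED_EXTERNAL_PORTS = {25, 53, 80, 443, 587}        # constructed allowlist
ADMIN_JUMP_HOSTS = {"10.0.0.2"}                         # hypothetical RDP sources allowed
RDP_PORT = 3389


def is_internal(ip):
    """True if the address falls inside the constructed internal range."""
    return ipaddress.ip_address(ip) in INTERNAL_NET


def find_beacons(flows, min_events=5, max_cv=0.1):
    """Return (src, dst, port) tuples whose outbound connections are suspiciously regular.

    A low coefficient of variation (stdev / mean) of the gaps between connections
    means the timing is machine-like; human browsing produces ragged gaps.
    """
    timestamps = defaultdict(list)
    for ts, src, dst, port in flows:
        if is_internal(src) and not is_internal(dst):
            timestamps[(src, dst, port)].append(ts)
    beacons = []
    for key, times in timestamps.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            beacons.append((key, round(mean_gap, 1)))
    return beacons


def suspicious_external_ports(flows):
    """Return outbound flows whose destination port is not on the allowlist."""
    return [f for f in flows
            if is_internal(f[1]) and not is_internal(f[2])
            and f[3] not in EXPECTED_EXTERNAL_PORTS]


def rdp_lateral_movement(flows):
    """Return internal-to-internal RDP flows not originating from an admin jump host."""
    return [f for f in flows
            if is_internal(f[1]) and is_internal(f[2])
            and f[3] == RDP_PORT and f[1] not in ADMIN_JUMP_HOSTS]


def analyze(flows):
    """Run all three detectors and return their findings keyed by category."""
    return {
        "beacons": find_beacons(flows),
        "suspicious_ports": suspicious_external_ports(flows),
        "rdp_lateral": rdp_lateral_movement(flows),
    }


if __name__ == "__main__":
    for category, findings in analyze(SAMPLE_FLOWS).items():
        print(f"{category}:")
        for finding in findings:
            print("   ", finding)
```

The thresholds (five events, 10% timing variance, the port allowlist) are starting points to tune against a baseline of the organization's own traffic; in production the allowlist of RDP sources would come from the asset inventory rather than a hard-coded set.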