To quickly detect an occurring cyber-attack on endpoints, there are seven important security controls required to be put in place by a wide variety of security regulations.
Tripwire examined 763 IT professionals from retail, energy, financial services and public sector organisations in the US to evaluate confidence in these security controls needed to defend against the most dangerous cyber-attacks: accurate hardware inventory, accurate software inventory, ongoing configuration management and hardening, vulnerability management, patch management, log management and identity and access management.
Most respondents were confident in their ability to detect a breach, but were not sure how long automated tools would take to find the main indicators of compromise. Over two-thirds (67 percent) had a basic idea of how long it would take automated tools to detect unauthorised configuration changes to an endpoint on their organisations' networks, were unsure or didn't use automated tools. On the other hand, 71 percent thought it would happen within minutes or hours.
Nearly two-thirds (62 percent) of respondents were not sure low long it would take for automated tools to alert them if an unauthorised device on the network was found, meanwhile 87 percent felt it would happen within hours. Less than a quarter (23 percent) of respondents said that 90 percent of hardware assets on the company networks are automatically found.
Tim Erlin, director of IT security and risk strategy for Tripwire said, “It's good news that most organisations are investing in basic security controls; however, IT managers and executives, who don't have visibility into the time it takes to identify unauthorised changes and devices, are missing key information that's necessary to defend themselves against cyber-attacks.”