Over a quarter of firms using EDR detect cyber-incidents within hours or less

More than a quarter (28%) of global companies that have implemented an Endpoint Detection and Response (EDR) solution have been able to detect cyberattacks within a few hours, or even almost immediately after an incident occurred. This overall result is higher than the average for any single region surveyed; in the Africa, Middle East and Turkey (META) region, for example, 13% of businesses responded that way. These are the findings of the Kaspersky IT Security Risks Survey.

Timely detection of a cyber-incident is essential to reduce losses from a cyberattack. The longer that cybercriminals can stay unnoticed in a corporate network, the more data they can gather and the closer they can get to critical company assets. Reducing ‘dwell time’ allows businesses to contain a cyberattack before it can cause substantial damage.

In a survey of IT business decision makers commissioned by Kaspersky in 2019, 2,961 companies around the world were asked how long it took them to discover a cyberattack they had experienced in the previous year. Detailed analysis of the responses revealed a strong correlation between EDR implementation and dwell time.

Among the companies that use EDR, globally, 28% confirmed that it took them several hours or less to find an attack. Of this group, 14% detected an attack almost immediately, which is higher than the average result for any region surveyed; the corresponding figure for the META region is 6%. Meanwhile, 14% of global respondents discovered the incident within a few hours, compared with 7% for the META region. Only 8% of EDR users globally said that it took them several months to identify that they were under attack.

However, the largest number of respondents estimated that detection took them several days, whether they have EDR in place or not.

“EDR provides a greater level of discovery and visibility across endpoint infrastructure and facilitates effective root cause analysis, threat hunting and fast incident response. At the same time, EDR automates the routine tasks analysts may face in detection and response-processing activities. However, as the statistics show, for some respondents EDR doesn’t help to reduce an attack ‘dwell time’. The reason may lie in the fact that alerts on suspicious activity require security analysts to investigate and decide if an action poses danger. So, in companies without internal expertise to handle complex incidents, the use of a feature-rich professional solution may not bring the desired effect,” comments Yana Shevchenko, Senior Product Marketing Manager at Kaspersky.

Kaspersky offers two EDR-class solutions that meet the requirements of different types of customers. For IT-security matured enterprises, Kaspersky EDR provides IT security experts with advanced threat discovery, deep investigative capabilities powered by threat intelligence and MITRE ATT&CK framework mapping, threat hunting and a centralised response to multi-staged complex attacks. Kaspersky EDR Optimum provides core EDR capabilities – including better visibility into endpoints, simplified root cause analysis and automated response options – to organisations with limited resources and cybersecurity expertise.
