EDR: The Key to repelling Targeted Attacks in the age of Cyber Tension

A survey by Positive Technologies found that 74% of Russian companies are vulnerable to targeted cyber attacks.

Most Russian organizations are serious about protecting their corporate infrastructure, but they consider their security measures insufficient to counter complex targeted attacks. Such conclusions follow from a recent study by Positive Technologies.

The survey showed that 74% of respondents admit that their company is not sufficiently protected from complex and targeted cyber attacks. At the same time, 76% rate the organization's approach to protecting end devices, which includes a combination of different information security products, as "serious".

The ability to detect and prevent targeted attacks is critical when building corporate infrastructure protection, 73% of respondents said. About 14% of companies have already experienced targeted attacks.

The purpose of the study was to find out how well Russian organizations are protected from targeted cyber attacks, how they build protection of end nodes (computers, servers, network equipment), what problems they face and which functions of information security products they pay attention to first.

"Almost 80% of our respondents are serious about building endpoint protection by combining different solutions. This approach is more often used by large organizations with well-established information security processes, " comments Egor Nazarov, Head of Business Development for protection against complex attacks at Positive Technologies.

He notes that antivirus software alone is not enough to effectively detect targeted attacks, since its capabilities are based on the analysis of already known threats. Classic antivirus programs often miss attacks that develop in the form of a chain of various actions at the endpoint under the guise of legitimate processes.

In such cases, organizations need more extensive incident response tools to respond quickly to the actions of intruders. These capabilities are provided by Endpoint Detection and Response (EDR) solutions that aggregate information about threats based on behavioral, static, and other analysis methods. EDR solutions also allow you to automate routine response operations, freeing up the time of cybersecurity professionals.

Companies face three key challenges when organizing end-node protection. First, security tools place an excessive load on workstations, which makes it difficult for applications to work. Second, it is impossible to flexibly configure the depth of event analysis. Third, agents of different security tools are incompatible: with a multi-vendor approach, tools can conflict with each other, which leads to interruptions in the operation of the operating system. Therefore, developers need to ensure that their products are compatible with other information security systems.

According to Positive Technologies experts, organizations need advanced endpoint protection tools, such as MaxPatrol EDR, to effectively counter targeted attacks. These solutions are able to quickly detect complex threats, provide flexible response and automate routine operations, taking into account the specifics of the company's infrastructure.

"When choosing an EDR solution, it is important to pay attention to the support of Russian operating systems included in the unified register of domestic software, the ability to integrate into various virtual environments, the flexibility of configuration and the possibility of autonomous operation. In addition, it is necessary to integrate technologies of advanced methods for detecting and analyzing HPE, as well as response tools, into the processes of proactive threat search," comments Nikita Yudin, Development Manager for endpoint protection solutions at Positive Technologies.
 