More than a quarter (28%) of global companies that have implemented an endpoint detection and response (EDR) solution have been able to detect cyberattacks in just a few hours or even almost immediately after an incident happened.
This overall result is higher than the average per region surveyed; in the META region, 13% of businesses responded that way.
These are the findings of the Kaspersky IT Security Risks Survey, which finds that timely detection of a cyber-incident is essential to reduce losses from a cyberattack.
The longer that cybercriminals can stay unnoticed in a corporate network, the more data they can gather and the closer they can get to critical company assets. Reducing ‘dwell time’ allows businesses to contain a cyberattack before it can cause substantial damage.
In a survey of IT business decision makers commissioned by Kaspersky, 2 961 companies around the world were asked how long it took them to discover a cyberattack that they experienced in the previous year. Detailed analysis of the responses revealed a strong correlation between EDR implementation and dwell time.
Among the companies that use EDR, globally, 28% confirmed that it took them several hours or less to find an attack. Of this group, 14% detected an attack almost immediately, which is higher than the average result per region surveyed and the 6% for the META region.
Meanwhile, 14% of global respondents discovered the incident within a few hours, in comparison to 7% for the META region. Only 8% of EDR users globally said that it took them several months to identify that they were under attack.
However, the largest number of respondents estimated that detection took them several days, whether they have EDR in place or not.
“EDR provides a greater level of discovery and visibility across endpoint infrastructure and facilitates effective root cause analysis, threat hunting and fast incident response. At the same time, EDR automates the routine tasks analysts may face in detection and response-processing activities,” comments Yana Shevchenko, senior product marketing manager at Kaspersky.
“However, as the statistics show, for some respondents EDR doesn’t help to reduce an attack ‘dwell time’. The reason may lie in the fact that alerts on suspicious activity require security analysts to investigate and decide if an action poses danger.
“So, in companies without internal expertise to handle complex incidents, the use of a feature-rich professional solution may not bring the desired effect.”