Tripwire 2016 Breach Detection Survey: Overview

Tripwire's 2016 Breach Detection Study evaluated the confidence and efficacy of seven key security controls that must be in place to quickly detect a cyberattack in progress. The study was conducted by Dimensional Research Study; respondents included 763 IT professionals from retail, energy, financial services and federal government organizations in the United States.

“All of these results fall into the ‘we can do that, but I’m not sure how long it takes’ category. It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyberattacks.”

Tim Erlin, director of IT security and risk strategy for Tripwire

Do you know how long it takes for automated tools to alert the organization’s administrators to unauthorized configuration changes on endpoint devices?
 

How long would it take to detect configuration changes to endpoint devices on your organization's network?
 

Approximately what percentage of patches succeed in a typical patch cycle?
| Response | Healthcare Respondents | Energy Respondents |
|---|---|---|
| I don't know | 5% | 4% |
| Less than 60% | 5% | 3% |
| 60-70% | 9% | 13% |
| 70-80% | 29% | 28% |
| 80-90% | 27% | 29% |
| 90-100% | 26% | 23% |

Do you know how long it takes vulnerability scanning systems to generate an alert if they detect unauthorized devices on the network?
 

How long would it take vulnerability scanning systems to generate an alert if they detect an unauthorized device on the network?
 

Federal Respondents: Are all vulnerabilities detected by the scanning tools fixed or remediated promptly?
   
| Response | Percentage of respondents |
|---|---|
| All critical vulnerabilities detected are not fixed within 60 days | 15% |
| All critical vulnerabilities detected are fixed within 31 to 60 days | 33% |
| All vulnerabilities detected are fixed within 15 to 30 days | 52% |

Can you detect all attempts by users to access files on local systems or network-accessible file shares without the appropriate privileges?
| Response | Annual Revenue: $250 million to $500 million | Annual Revenue: $5 billion or more |
|---|---|---|
| No | 42% | 32% |
| Yes | 58% | 68% |

Finance Respondents: Are your automated tools able to identify the locations, department and other critical details about unauthorized devices?
 

Approximately what percentage of the hardware assets on your network are discovered automatically?
   
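| Hardware assets discovered automatically | Percentage of respondents |
|---|---|
| More than 90% | 16% |
| 90% | 7% |
| 80% | 12% |
| 70% | 13% |
| 60% | 10% |
| 50% | 11% |
| 40% | 8% |
| 30% | 9% |
| 20% | 4% |
| 10% | 3% |
| None of them | 5% |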

"Respondents have a much clearer understanding of their vulnerability scanning processes than asset discovery and change detection, yet unauthorized assets and changes are a key factor in successful breaches. Closing this gap should be a priority for most organizations."

Tim Erlin, director of IT security and risk strategy for Tripwire