Attackers are bypassing perimeter detection methods according to a survey

More organizations are operating under the assumption that their network has already been compromised, or will be, according to a survey conducted by the SANS Institute on behalf of Guidance Software. Fifty-six percent of those surveyed assume that they have been breached or will be soon, compared with 47 percent last year. However, organizations are not taking a proactive approach to detecting threats or achieving greater visibility into their networks.
SANS surveyed 1,827 IT professionals in the United States for the 2nd annual SANS Endpoint Security Survey, to explore how IT professionals monitor, assess, protect and investigate their endpoints, including servers. A majority of respondents were security analysts (33 percent), followed by security managers or chief information security officers (16 percent), and IT managers or CIOs (13 percent).

The survey results underscore that despite the increased assumption of compromise, visibility into endpoints remains an issue. Highlighting the need for detection at the endpoint, this year 55 percent of respondents say that up to 30 percent of their incidents should have been detected by perimeter security measures but weren’t. Furthermore, organizations admit that stealthy attacks are not the ones bypassing their defenses: 39 percent reported that less than 10 percent of their adversaries were advanced or used stealthy, advanced exploit and hiding techniques.
“Relying solely on perimeter detection is insufficient to detect and root out threats. In fact, it appears that the lack of visibility into threats is increasing as organizations become overly dependent on perimeter defenses,” said Jake Williams, Instructor and Course Author at the SANS Institute. “Furthermore, many organizations are not proactively hunting for threats on their networks, which is a risky approach since they are not working under the assumption of compromise. Instead, many are simply waiting for alerts from defenses attackers have long since bypassed.”

Other key findings from the survey include:
• Prevention—Thirty-four percent did not know what percentage of threats are detected through proactive discovery. This is a twofold increase from last year’s survey. Additionally, 25 percent indicated that they do not know what threats should have been blocked by firewalls, routers and other edge detection solutions.
• Detection—Fifty-five percent of respondents say 30 percent of incidents should have been detected by perimeter security measures but weren’t, and almost a quarter of respondents were notified of a compromise by a third party.
• Automation—For a majority of participants, false positive rates are unacceptably high, with 52 percent of organizations suffering false positive rates in excess of 20 percent. Automation levels continue to lag behind what respondents want. Respondents’ projections of achieving automation in 24 months remained relatively stable compared to last year.
• Response—A majority (83 percent) need results from endpoint queries in an hour or less and 28 percent want that data in five minutes or less. The ability to quickly conduct investigations is a top priority.
• Remediation—Wipe and reimage remains the most popular technique for remediating compromised endpoints according to 79 percent of respondents.
Top Challenges to Incident Recovery: In addition to learning about respondents’ opinions about outsourcing or insourcing security response actions, the survey also measured the top five challenges to incident recovery.

They were:
1. Assessing the impact
2. Determining the scope of a threat across multiple endpoints
3. Determining when the incident is fully remediated
4. Hunting for compromised endpoints
5. Determining what company confidential and/or regulated data was at risk because of compromised endpoints
“Cybercriminals are constantly looking for new ways to bypass security measures and no organization is immune from attack,” said Ken Basore, CIO for Guidance Software. “Organizations must embrace an aggressive approach – constantly searching for threats inside their network. In order to be vigilant, organizations must gain visibility into endpoints to determine what sensitive data is stored on them and be able to create a sustainable model of protection.”
