Kaspersky: Response time to high-severity incidents reduced by 17%

Friday 24 May 2024 11:36
Every year Kaspersky prepares a report based on the results of the analysis of MDR incidents identified by the Kaspersky SOC team. In this report, experts highlight incidents that require action from customers, divided them into high, medium and low-severity types. High-severity incidents mean human-driven attacks, or malware threats that have a significant impact on the customer's IT systems. Medium-severity incidents have no evidence of direct human involvement in the attack, but may affect the customer's infrastructure without severe consequences, while low-severity incidents do not affect customer's IT systems, but require a number of precautionary measures to be taken.
Kaspersky: Response time to high-severity incidents reduced by 17%

According to the recent Kaspersky MDR Analyst report, in 2023 Kaspersky SOC team needed an average of 36.37 minutes to report high-severity incidents - 17% faster than in previous years. Medium-severity incidents, which are often due to malware and are the most common, saw an increase in response times from 30 to almost 33 minutes that is explained by the general increase in such types of incidents.

Finally, the occurrences with the lowest severity, normally the consequences of potentially unwanted software, spent more time in the queue before being analyzed by SOC team, resulting in a waiting time of just over 48 minutes.

As for the response efficiency, approximately 74% of incidents were resolved after just one alert[1], indicating clear response scenarios and the effective termination of attacks.

Around 24% of incidents required attention based on 2-10 alerts, indicating cases where automatic resolution was not sufficient and required a human specialist involvement. Examples include ongoing attacks like the exploitation attempts following a network compromise or phishing campaigns, which often require manual investigation after multiple alerts.

A small proportion (2%) of incidents involved more than 10 alerts. Reasons included complex threats requiring thorough investigation before action or situations where the customer opted for monitoring only, such as in cyber exercises.

"The high-severity incidents with direct human involvement must be dealt with swiftly and decisively to contain the damage and prevent company's financial and reputational losses. This is why we always aim to reduce the response time to such critical incidents. With the multi-layered protection offered by our MDR, we can continue to fight cyber criminals effectively in this continually shifting threat landscape," said Sergey Soldatov, Head of Security Operations Center at Kaspersky.

In response to the findings of the MDR analysis, Kaspersky recommends organizations the following:

  1. ?arry out regular inventory of membership in privileged groups, to have a formal procedure for privileges and access management.
  2. Implement threat hunting practices in combination with classic alert-driven monitoring.
  3. Conduct a range of cyber exercises to test the efficiency of security mechanisms used in your company.
  4. Adopt a multi-layered security approach to guard against incidents. This includes robust endpoint protection, network security, and threat intelligence working with cybersecurity experts.
  5. If case a company lacks dedicated cyber security staff, use managed security services such as Kaspersky Managed Detection and Response(MDR), Kaspersky Compromise Assessment and Kaspersky Incident Response to get additional expertise and cover the entire incident management cycle from threat identification to continuous protection and remediation.

To learn more insights from Kaspersky MDR Analyst report 2023, please follow the link.

https://securelist.com/kaspersky-mdr-report-2023/112411/

[1] An alert is an event in the organization's IT infrastructure that is marked as unusual or suspicious, and that may pose a threat to the security of the organization's IT infrastructure.

Source: Piton Communications

Kaspersky: Response time to high-severity incidents reduced by 17%

Latest News

14 Jun Minor Hotels Triumphs with 22 Accolades at T L Luxury Awards Asia Pacific
14 Jun HEYA Education Opens an Exciting New World of Learning with a One-of-a-Kind Passion-Based Approach for All Students, Especially the Gifted and Talented, in
14 Jun AstraZeneca strengthened its commitment with the Thai government to collaborate on tackling NCDs in Thailand
14 Jun Thai Seasoning Leader Goes Global: Exotic Food Thailand Leverages RISE with SAP
14 Jun Thailand BOI Approves Investment Worth USD1.54 billion in Biochemicals, Data Centers, and Sets New Promotion Category for the Repair of Used EV Batteries and
14 Jun Spa Cenvaree Unveils Exclusive Membership Benefits for 2024
14 Jun Harnessing Green-Tech Solutions: A Strategic Approach to Achieving Carbon Neutrality in Thailand
14 Jun SF Express Group, a major shareholder, informed KEX of their support for capital increase plan and intent to subscribe its proportional allocation reinforces confidence and advances to strengthen
14 Jun Asadej Kongsiri appointed as 14th SET President
14 Jun Car4Cash launches new service point at gas station expanding access to auto refinancing in Sa Kaeo province
© 2007 - 2024 Tasang Limited, All Rights Reserved. 4.1ms