A recent Dark Reading article, based on IRONSCALES’ research, found that Microsoft Office 365 Advanced Threat Protection (ATP) takes up 250 days to create phishing attack signatures. With over 60 million monthly users, this delay exposes users and their organizations to potentially devastating phishing attacks and business implications they impart.
The delay from O365/ATP is exacerbated by the fast-moving nature of today’s sophisticated phishing attacks. A report by the Aberdeen Group revealed data that suggests while organizations are slow to detect phishing attacks, users are quick to fall prey.
- The likelihood of the first user click on malicious emails occurring within 30 seconds was about 8%
- The likelihood of the first user click on malicious emails occurring within 60 seconds was about 30%
- The median time-to-first click on malicious emails was just 134 seconds
With these types of delays in protection, organizations are at real risk, and most traditional cybersecurity solutions are just too slow in detecting threats. We’ve been stating for some time now that the only way organizations can gain an upper hand in threat prevention today is with speed and automation. Aberdeen and a recent Ponemon Report both agree. As Ponemon states:
High automation organizations are better able to prevent security incidents and disruption to IT and business processes. Measures used to determine improvements in cyber resilience are cyberattacks prevented and a reduction in the time to identify and contain the incident.
The goal… shrinking the discovery deficit. We’ve seen reports that show the time between intrusion and detection fell from 26 days in 2017 to 14 days in 2018. Time to discovery was much higher in the second report at 101 days in 2017 and falling to 78 days in 2018. Regardless of the disparity between these two estimates, the good news is that these times are shrinking and some of the improvement (25%) is attributed to automated detection. The bad news is that the time from system compromise to the time when the target, or asset, is breached is just minutes. Operating undetected for 14 to 78 days – or in the case of O365/ATP up to 250 days – after compromising a system gives cybercriminals an enormous amount of time to do serious damage.
The time to discovery deficit doesn’t have to be an issue. Any organization can take the first step to reduce their exposure to fast moving phishing sites by using our Real-Time Phishing Threat Intelligence. It identifies live zero-hour threats in real-time and allows organizations to respond in real-time with automated blocking through their firewall.
In addition, our Phishing URL Analysis solution can dramatically reduce the time and effort involved in researching suspicious URLs. With more powerful real-time analysis, SlashNext detects previous unknown phishing URLs that may never be detected by other systems or found in any commercial or free phishing URL databases. And with browser-based analysis, SEER detection technology is able see through the growing variety of URL obfuscation techniques and evasion tactics.
Interested in exploring how you can reduce your time to discovery? Try SlashNext Real-Time Phishing Threat Intelligence free for 15 days.
*** This is a Security Bloggers Network syndicated blog from SlashNext authored by Lisa O'Reilly. Read the original post at: https://www.slashnext.com/the-threat-detection-deficit-microsoft-office-365-atp-raises-the-stakes/