Tag Archive for: Gartner

Why Gartner is Urging Organizations to Protect Against Identity Threats and Credential Abuse

With the growing support for a hybrid work environment and continued migration to cloud applications, Gartner is predicting an increased trend in identity-based attacks and credential abuse. Today’s cybercriminals are looking for ways to steal credentials, escalate privileges, and move laterally across an organization’s infrastructure. Given that identity compromises are present in most ransomware and supply chain attacks, identity-based attacks have become one of the top cybersecurity threats facing organizations today. That is why Gartner has declared “identity is the new perimeter” and recommends organizations invest in protecting against identity attacks, specifically in Identity Threat Detection and Response solutions.

The Password Paradigm Shift 

For many years, organizations could get by setting up strict password requirements for their users. Password best practices included using long, complex passwords and different passwords for different accounts.  

Today, billions of hacked login credentials are available on the dark web and cybercriminals can easily buy credentials – $150 for 400M username and password pairs. Research on password etiquette shows that 59% of people used the same password for multiple accounts and 47% of people used the same passwords at work as they do at home. All this password duplication greatly increases the risk of attackers gaining access to corporate systems using a combination of corporate email and stolen passwords.

Adding to the challenge of protecting against identity threats is the growth in SaaS applications used by businesses. This growth significantly increases the number of account credentials each employee must manage and, as a result, employees are more likely to use passwords that can be easily guessed if they’re not just reusing the same passwords across multiple accounts. With hackers using brute force attacks and automated password cracking tools to guess combinations of usernames and passwords, password management for internal IT teams is an uphill battle.

Finding Better Protections 

To better protect user accounts from identity attacks, organizations are implementing Multifactor Authentication (MFA). MFA requires multiple steps to verify users’ identities before accounts can be accessed. Factors include: (i) something you know (e.g., password/personal identification number (PIN)); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric). Two-factor authentication for smartphones, one of the more common applications of MFA, typically involves something you know and something you have: for example, a user PIN followed by proof of possession of the device registered with the user account. Each MFA method has strengths and weaknesses, and the choice of implementation is often a trade-off between security and usability.

A Google research study found that MFA using an SMS code sent to a phone number helped block 100% of automated attempts by hackers to gain access, along with 96% of bulk phishing attacks and 76% of targeted attacks. On-device prompts, a more secure replacement for SMS, helped prevent 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.

MFA enables easier ways to access accounts, such as Single Sign-On. For example, if a user logs into Microsoft 365 using MFA, they will be able to log in to all other accounts using those credentials, as their identity will have already been verified. Alongside streamlining the login process for users, MFA also saves time for IT admins and helps address compliance mandates that require strong authentication processes before employees can gain access to data. 

MFA is an Improvement, Not a Panacea 

While strong identity authentication protections, like MFA, are effective, not all organizations use these tools to protect against identity attacks. For example, a recent survey by Microsoft showed that 78% of their customers using Azure AD only use passwords without protections like MFA. Reasons why organizations do not implement authentication protections include cost, user experience, scalability, and availability of solutions for legacy applications.  

Cybercriminals are targeting larger organizations, using more sophisticated penetration techniques, and demanding bigger ransoms from successful ransomware attacks. The theft and abuse of credentials plays an important role in ransomware attacks where Microsoft’s Remote Desktop Protocol (RDP) is an attack vector, giving organizations more reasons to better protect their user accounts. 

However, even for organizations using MFA, hackers have shown they have multiple techniques that can be used to bypass it, such as disabling MFA policies, attacking legacy applications that do not support MFA, using stolen private keys to sign certificates, installing a malicious app that authenticates while still controlled by the attacker, and more.

Enter Identity Threat Detection and Response 

Identity Threat Detection and Response (ITDR), as coined by Gartner, is used to describe the collection of tools and best practices to successfully defend identity systems from endemic levels of attacks.  

A new approach is needed, as other tools, like User and Entity Behavior Analytics (UEBA), have fallen short of expectations due to challenges with false positives and the lack of automated response capabilities.

Gartner has underscored the importance of preventing compromises to protect against identity attacks. While MFA prevention tools exist, they can and will be bypassed. Organizations need to deploy more advanced threat detection tools. Threat detection is critical but not sufficient. Rapid and effective response actions are mandatory. 

Traditional approaches to security monitoring with manual incident response are often too slow to react to attacks and compromises. In addition, it can take hours to create a ticket requesting suspension of a user account, increasing the risk of a data breach in the meantime. The appropriate response may vary depending on the type of account. For example, an investigation is often needed before suspending an executive user account.

The implementation of ITDR tools is also an important consideration, as some require sensors or agents that are complicated to integrate and maintain.

Proficio’s Solution 

Proficio’s ProSOC Identity Threat Detection and Response service detects threats to Identity and Access Management (IAM) platforms to enable a faster response to contain attacks and compromises. It is designed to work with multiple IAM platforms and leverages advanced technology combined with human-led investigations to detect threats to an organization’s IAM infrastructure. Alerts are prioritized using use case analytics, correlation rules, machine learning, and threat intelligence data.  

For better protection against identity attacks, Proficio’s automated response solution, Active Defense, can take immediate action when a high-fidelity threat is detected, quickly suspending a user account for one or more applications. While many organizations can only investigate and respond during business hours, Active Defense allows you to quickly contain identity threats, giving incident responders time to further investigate before there is a serious breach. Our security advisors work with our clients to baseline event thresholds and determine how to orchestrate response actions most effectively. When an Active Defense use case is triggered, our solution can initiate an immediate account suspension or enable an incident responder to do this with a single click, in alignment with your business requirements and the type of user account that is being targeted. Active Defense supports both automated and semi-automated functions, allowing incident responders to perform a double validation of a threat before initiating an account suspension through a single click in our ServiceNow portal.

 


Proficio Included in Gartner’s 2021 Market Guide for Managed Detection and Response Services for Fifth Year in a Row

Carlsbad, Calif. – October 26, 2021 – Proficio, a managed security services provider (MSSP) delivering managed detection and response (MDR) services, today announced they have been recognized once again as a Representative Vendor in Gartner’s 2021 Market Guide for Managed Detection and Response Services* for the fifth consecutive year.  

Gartner’s research estimates the market will grow to over $2B in revenue by 2025 and sees an increase in the number of MDR service providers in the market, “causing challenges for buyers looking to identify and select an appropriate provider.” In their Market Guide, they highlight the continued importance of organizations using MDR services for 24/7 Security Operations Center (SOC) capabilities, such as monitoring and threat detection, as well as finding an MDR provider who can assist with threat containment or response processes. 

“We are excited to be recognized in the Gartner Market Guide for Managed Detection and Response Services for the fifth consecutive year,” said Brad Taylor, CEO, Proficio. “As the first MDR service provider to deliver automated response service and the only one to offer clients real-time insights into their security posture, cyber risk scoring, and gap analysis, we are considered an innovator in this space. We’re proud to be continually recognized in this Market Guide and will continue to invest in our people, processes, and technology to help our clients quickly react to and contain credible threats.”

Proficio utilizes an extensive library of threat discovery use cases, the MITRE ATT&CK® framework, machine learning-based threat hunting models, business context modeling, and an advanced threat intelligence platform to provide superior threat detection for our clients. Our clients also receive our patented ThreatInsight® gap analysis and risk scoring, which are included in our ProView™ web portal along with executive dashboards and reports. Through our global network of Modern Security Operations Centers (MSOCs), Proficio experts monitor, investigate and triage suspicious events on a 24/7 basis using either Proficio’s cloud-based Threat Management Platform or a client-owned SIEM, such as Splunk or Elastic. Proficio also offers Risk-Based Vulnerability Management (RBVM) services to prioritize vulnerabilities based on the likelihood of exploitation and the criticality of the assets at risk, and Active Defense service to automate the response to high fidelity security events.

* Market Guide for Managed Detection and Response Services, 25 October 2020 
By Analysts: Pete Shoard, Craig Lawson, Mitchell Schneider, John Collins, Mark Wah, Andrew Davies   

 ABOUT PROFICIO 

Founded in 2010, Proficio is an award-winning managed detection and response service provider. We help prevent cybersecurity breaches by performing and enabling responses to attacks, compromises, and policy violations. Our team of experts provides 24/7 security monitoring and alerting from global security operations centers (SOCs) in San Diego, Barcelona, and Singapore. Proficio’s cloud-native Threat Management Platform uses a combination of industry leading commercial software and proprietary technology to provide clients with advanced analytics, threat intelligence, Security Orchestration, Automation, and Response (SOAR), patented risk scoring, AI-based threat hunting, Open XDR, and Risk-Based Vulnerability Management. www.proficio.com. 

Contacts:
Kim Maibaum
KMaibaum@Proficio.com

Proficio Included in Gartner’s 2020 Market Guide for Managed Detection and Response Services for Fourth Consecutive Year

Carlsbad, Calif. – September 9, 2020 – Proficio, an award-winning managed security services provider (MSSP) delivering managed detection and response (MDR), has been recognized as a Representative Vendor in Gartner’s 2020 Market Guide for Managed Detection and Response Services* for the fourth year in a row.

In their Market Guide, Gartner states that in the past year, they have seen “a 44 percent growth in end users’ inquiries into MDR services”. Gartner sees strong growth potential for the market, projecting that “by 2025, 50 percent of organizations will be using MDR services for threat monitoring, detection, and response functions that offer threat containment capabilities.”

“We are pleased to be recognized in the Gartner Market Guide for Managed Detection and Response Services for the fourth consecutive year,” said Brad Taylor, CEO, Proficio. “Proficio is an innovator in MDR services. We delivered the first automated response service, pioneered SOC-as-a-Service, and are a leader in cybersecurity business intelligence. We continue to invest in our people, processes, and technology to reduce the time to both detect threats and respond to attacks and security incidents.”

Proficio’s approach to threat detection leverages an extensive library of threat discovery use cases, the MITRE ATT&CK® framework, AI-based threat hunting models, business context modeling, and an advanced threat intelligence platform. Through our global network of Security Operations Centers (SOCs), Proficio experts monitor, investigate and triage suspicious events on a 24/7 basis. Our Active Defense service automates the response to high fidelity security events and integrates with leading security products to provide the industry’s first SOAR-as-a-Service.

* Market Guide for Managed Detection and Response Services, 26 August 2020

By Analysts Toby Bussa, Kelly Kavanagh, Pete Shoard, John Collins, Craig Lawson, Mitchell Schneider

ABOUT PROFICIO

Founded in 2010, Proficio is an award-winning managed security services provider (MSSP) delivering 24/7 security monitoring and alerting, managed detection and response (MDR), and cybersecurity services through global security operations centers in San Diego, Barcelona and Singapore. Proficio’s innovative approach to managed cybersecurity services uses proprietary processes, experienced security analysts, and the industry’s most powerful technologies to help organizations defend against advanced threats.

Contacts:
Kim Maibaum
KMaibaum@Proficio.com

Proficio Named in Gartner’s 2019 Market Guide for Managed Detection and Response Services for Third Consecutive Year

GLOBAL MANAGED SECURITY SERVICES PROVIDER RECOGNIZED AS REPRESENTATIVE VENDOR IN THE REPORT

Carlsbad, Calif. – July 25, 2019 – Proficio, an award-winning managed security services provider (MSSP) delivering managed detection and response (MDR), has been recognized as a Representative Vendor in Gartner’s July 15, 2019 “Market Guide for Managed Detection and Response Services” for the third year in a row. The report states, “MDR services add 24/7 threat monitoring, detection and response capabilities to security operations capabilities via an outcome-oriented approach. Security and risk management leaders should use this research to determine if MDR services are a good fit for their goals, use cases and requirements.”

According to Gartner, “the MDR market continues to grow, and Gartner clients are gaining increasing awareness of the market. Gartner observed a 35% growth in inquiry on the topic over the last 12 months and estimates the market grew 20% year over year to approximately $600 million in 2018.” The report also predicts that “by 2024, 25% of organizations will be using MDR services, up from less than 5% today.”

“We are proud to be included in the Gartner Market Guide for Managed Detection and Response Services for the third consecutive year,” said Brad Taylor, CEO, Proficio. “MDR services have always been a focus of our cybersecurity services and we will continue to innovate in this area through leveraging machine learning, big data, and the cloud.”

Proficio’s approach to managed security services delivery is changing the way organizations defend against advanced threats and prevent security breaches. By offering around-the-clock MDR services, Proficio’s customers have unprecedented visibility into their networks and cybersecurity posture, and the peace of mind that their data is protected 24/7.

*Gartner, Market Guide for Managed Detection and Response Services, Toby Bussa, Kelly Kavanagh, Sid Deshpande, Craig Lawson, Pete Shoard, 15 July 2019

Gartner Disclaimer
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

ABOUT PROFICIO

Founded in 2010, Proficio is an award-winning managed security services provider (MSSP) delivering 24/7 security monitoring and alerting, managed detection and response (MDR), and cybersecurity services through global security operations centers in San Diego, Barcelona and Singapore. Proficio’s innovative approach to managed cybersecurity services uses proprietary processes, experienced security analysts, and the industry’s most advanced technologies to help organizations defend against advanced threats. Proficio pioneered the concept of SOC-as-a-Service and was the first MSSP to automate threat containment and to provide a security dashboard with threat scoring.

Contacts:
Kim Maibaum
KMaibaum@Proficio.com