
Mastering Post-Breach Response - Tech Talks #107

Module Deep Dive

In this Tanium Tech Talks episode, host Ashley McGlone speaks with Thomas Akin, Director of Technical Product Management, who has 30 years of experience working with incident response technology. They discuss eye-opening industry research on current attack trends and its implications for incident response strategies, which Thomas recently presented at Black Hat USA 2024.

We share these insights and discuss what’s needed for organizations to achieve true defense in depth in response to the challenges posed by the current cybersecurity landscape — a must-watch episode for anyone in the security field, especially those new to the industry.

Key findings

  • Security investments are not paying off: Despite all the growing investments in internal tooling, over 50% of incidents are discovered externally (by attackers, the FBI, and other third-party organizations).
  • Rapid emergence of vulnerabilities: A new CVE is released every 17 minutes, with half of those CVEs being of high or critical severity, according to Skybox Security’s Vulnerability and Threat Trends Report 2024.
  • Widespread code flaws: A recent analysis by Veracode in 2024 showed that 63% of the applications they reviewed had first-party code flaws, and 70% had third-party code flaws.
  • Prevalence of known and zero-day exploits: IBM’s 2024 Cost of a Data Breach report showed that only 6% of the incidents last year were due to known exploits, and 11% were due to zero-day exploits.
  • Common attack vectors: Phishing, stolen credentials, cloud misconfiguration, insider threats, and prior compromises make up 40 to 50% of the ways attackers are getting into organizations, as determined by IBM’s 2024 Cost of a Data Breach report. Data from Mandiant’s M-Trends 2024 Special Report confirms these statistics.
  • Improving efficiency with Tanium: Using Tanium, the average time to find one specific file across 1 million endpoints with an average of 13 billion files and 125 million processes is under five minutes, with the average time to execute custom remediation on those endpoints under 10 minutes.

Watch the full video for additional insights and explanations on how Tanium addresses these challenges by providing real-time data, speed, and flexibility, enabling organizations to respond to incidents quickly and efficiently. With its ability to gather and analyze data from millions of endpoints in minutes, Tanium Incident Response and integrated capabilities like Tanium Guardian significantly reduce the time spent waiting for information, which is crucial in minimizing the impact of security breaches.

Ashley McGlone

Technology strategist, joined Tanium in 2017, host of Tanium Tech Talks, enjoys advocating for customers, getting in the weeds of tech, and retro licorice.
