Security Connected

The 2014 Verizon DBIR Report: Time-to-Compromise vs. Time-to-Discovery

May 08, 2014

Among the mounds of information in the 2014 Verizon Data Breach Investigations Report (DBIR), a single figure tells the sad story of how the time it takes to successfully breach a target compares with the time it takes to discover the compromise.

Source: Verizon DBIR 14 Figure 13

Figure 13 of the report illustrates how long it takes the bad guys to compromise a target versus the time it takes the good guys to detect it. The graph covers the last 10 years of discovered and detected incidents.

The gap is staggering.

In most cases the bad guys need hours to compromise a target (more than 75% of the cases), whereas the good guys rarely get their job done in less than months (only about 25% of the breaches are detected in days or less).

More importantly, the graph illustrates that the bad guys are getting better at a higher rate than the good guys are improving their skills and capabilities.

Staggering, as said.

The graphs are linear, and therefore the data points of last year’s DBIR report can be used as a reference point for a reality that has only gotten worse. According to the 2013 DBIR report, in 80% of cases a breach was not detected for weeks. Once detection was made, the data suggests that in 79% of cases it took days or more to contain.

The reality is that most organizations are unable to answer the question “Are We Exposed?” Contributing factors include a lack of sufficient visibility into networks and endpoints; controls that operate in silos; threat intelligence that cannot be translated into actionable intelligence; a lack of coordinated response; a lack of automation; and more.

My next blog post will discuss how McAfee provides adaptive threat prevention to reduce the time from encounter to containment from months to milliseconds.