Attivo Networks Blogs

Detection Budgets Rising Fast

By Carolyn Crandall, CMO

This blog has regularly covered the alarming rise in security breaches over the last two years, and the assumption that most security teams are now aware that their prevention solutions are not enough to protect their companies. One measure organizations are taking is the shift in spending on detection solutions versus prevention solutions. In fact, a number of analyst firms have indicated that this balance would be closer to 70/30 in 2017 and would take several more years to hit 60/40.

According to our survey, their current budgets have shifted and are now split evenly between detection and prevention solutions. That’s a far cry from the 25% allocation detection budgets have traditionally received.

Attivo Networks commissioned Forrest W. Anderson Research to conduct a survey in October and November of last year during IANS conferences in Boston, Philadelphia, Atlanta and Los Angeles to determine any change in the budgeting for detection versus prevention security solutions from 2015. Security executives representing more than seven industry sectors in the U.S. attended presentations given by Attivo during the conferences and were asked to fill out surveys.

The full findings are in the 2016 Survey of In-Network Attack Detection and Response (hyperlink to website) but the top line results showed that nearly 80% of those surveyed feel they are at risk of a security breach and only half feel their security defenses are reliably stopping threats from getting into their networks. In fact, three quarters are more concerned about in-network threat detection than in 2015.

These numbers validate that organizations are adopting a security posture that assumes a breach and are now looking to reform their security infrastructure with tools that provide better visibility into in-network threats and post infection detection and response.

Detecting in-network threats can be challenging, however, because of limited visibility, as well as the complexity and resource intensity of correlating attack information and incident response. Alert fatigue is also a common challenge and is driven by many detection solutions generating more alerts than security teams can address. The most common cited issues were:

  • Limited resources to respond. In fact, 65.2% indicated they agreed (42%) or strongly agreed (23.2%) with this.
  • Correlating attack information and activity accurately is too resource intensive (59.2%)
  • Too many false positives (52.2%)
  • Lack of visibility to threats inside their network (54.5%)

The survey went on to explore the challenges faced by organizations implementing detection as a security solution, which included more logs and data to manage, the number of false positives generated, lack of trained resources, too complex or time consuming to manage, more tools to manage and lack of budget.

The concept of deception-based threat detection was introduced in the survey and we were pleased to see that of the respondents looking for new detection solutions, 60% agree, 11% strongly agreed, that they would consider deception-based detection for in-network threats.

Finally, while it is true there are challenges to detecting in-network threats that are covered in the survey, it also points out agreement that insights into how incident response can improved are significant benefits of detection solutions. Modern detection solutions are entering the market to meet this opportunity for more accurate detection and more efficient incident response. New approaches such as deception technology are also demonstrating that they can eliminate many of the top challenges security executives face in implementing detection as a security solution. Deception-based detection appears to be catching the interest of organizations with, as I mentioned earlier in this blog, over 60% indicating they would consider deception-based detection for in-network threats.

Attivo Networks will continue to track additional changes in budget allocations and the speed of adoption and implementation of detection security solutions. More information on deception technology can be found at and customer case studies and videos can be found at

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

two × three =

Ready to find out what’s lurking in your network?

Scroll to Top