Survey on Top Threat Detection Trends Reveals Surprising Findings
Attivo Networks Blogs

Attivo Networks® Survey on Top Threat Detection Concerns and Trends Reveals Surprising Findings

Attivo Networks

Deception Technology and IDS Named Most Concerning Security Controls for Cyberattackers

Fremont, CA— December 12, 2018— Attivo Networks®, the award-winning leader in deception for cybersecurity threat detection, today announced the results of the company’s 2018 Top Threat Detection Concerns and Trends Survey. This survey reveals new insights about top information security concerns related to detecting and stopping attackers, identifying which technologies are impacting attackers, shifts in time to detection, and technologies being used to impact this change. The company surveyed more than 450 cybersecurity professionals and executives globally to gain insights into detection trends, top threat concerns, attack surface concerns, and what’s on their 2019 security wish list.

Overall, the survey highlighted that the battle to keep cyber attackers from successfully compromising networks is not working. Over 50% of respondents reported that 100 days of dwell time or more was representative of their organization, while nearly half of respondents indicated that their mean time to detection was plateauing or increasing. Surprisingly, malware and ransomware (61%) topped the charts of concern, despite available anti-virus, firewall, and other prevention technologies. Gaps in efficacy of prevention solutions were also highlighted with credential theft (52%) and targeted attacks (50%), which are renowned for bypassing these controls, stated as top respondent concerns.

The survey also reinforced that the battle is now shifting inside the network. In fact, 23% of respondents reported that they are now spending more on detection than prevention security controls. One of the most interesting and somewhat surprising findings was that surveyed defenders felt that attackers are most concerned about threat deception technology (55%) and NextGen Firewalls (NGF)/ intrusion detection system IDS (56%). This would indicate that NGF/IDS is viewed as an effective way to detect and stop known threats, whereas deception is the technology that respondents felt that attackers believe will detect unknown threats, their attacks regardless of attack vector, and when they use techniques that are not reliably detected by preventative tools. Interestingly, the respondents were least concerned about UEBA (15%) out of all categories.

The survey results also revealed that:

  • Detecting threats is problematic and high dwell times are the result: In fact, 32% of respondents indicated that their mean time to detection is increasing. One of the more surprising and troubling findings was that 23% of organizations are not tracking dwell time metrics, which would point to a naivete that a 100% perimeter security posture is effective.


  • Malware/ransomware attacks remain a top concern; but targeted attacks are also a major concern: Despite significant investments in perimeter defenses, 61% of respondents remain concerned about malware and ransomware. Social engineering, credential theft, and targeted attacks were not far behind with 58%, 52%, 50% respectively. Notably, 20% of respondents flagged cryptomining attacks as a top concern.


  • Deception is rivaling IDS and next-generation firewalls among detection controls most concerning to threat actors: A majority of participants believe that the detection controls that most concern threat actors are deception technology, IDS/next-generation firewalls. These ranked significantly above monitoring and other detection tools. Additionally, threat actors are believed to be least concerned about IAM (19%) and UEBA (15%).


  • Cloud security raises the highest concern as an attack surface: Cloud (62%) and endpoint (54%) were captured as the top concerns and priorities for security teams, but notably concern across all attack surfaces remains high. Non-standard attack surfaces appeared as growing concerns for participants with 35% concerned about network and telecommunications infrastructure and 34% related to securing specialized environments such as ICS/SCADA and IoT.


  • Attackers are concerned about and increasingly expecting deception technology: Rudimentary deception technology is built on the element of surprise and relies on the attacker accidently tripping across a decoy. Findings indicated that attackers would not be expecting deception 39% of the time, in which case surprise will work. Interestingly, 42% of respondents indicated that attackers were always or frequently expecting deception in the network. This points to the growing number of deception deployments and the need for organizations to use more advanced deception technology that goes beyond basic emulation or primitive lures.


Collectively, the survey results affirm a growing demand for in-network detection that works reliably across existing and emerging attack surfaces and is effective against all attack vectors. Although, given the scope of this survey, attack response was not covered in depth, it can be extracted that organizations need better visibility into how an attacker infiltrates the network, how they are attacking, and what they are after. Detection technologies that also remove the complexity of collecting and correlating attack information and getting to root cause analysis will equip these organizations to not only efficiently detect, but also remediate threats quickly. Deception technology and NGF/IDS appear as favored technologies for addressing detection challenges and together will have an impact on an attacker’s ability to conduct a successful breach. Given the survey findings, it was also not surprising to see deception technology at the top of respondents’ 2019 security wish list

“Cyberwarfare has changed, and it is encouraging to see organizations actively shifting their focus to an in-network defense,” said Tushar Kothari, CEO of Attivo Networks. “With advanced detection technologies like deception, organizations now have the ability to quickly stop an attack, and better understand the attacker for fortifying defenses. It is gratifying to see the progress made by deception technology and that cyberdefenders are recognizing the value this technology delivers to organizations of all sizes.”

Survey Methodology

The survey was fielded from August to December 2018, with participants in North America, EMEA, and Asia/Pacific representing predominantly midsize and large firms across 19 industry sectors.

A complete summary of the survey results is available in the Top Threat Detection Concerns and Trends Report.

About Attivo Networks

Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend™ Deception Platform provides a comprehensive and customer proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide-variety of specialized attack surfaces. The portfolio includes expansive network, endpoint, application, and data deceptions designed to efficiently misdirect and reveal attacks from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts, and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 65 awards for its technology innovation and leadership. For more information, visit

# # # #


Loren Guertin & Christina Spoehr
Matter Communications for Attivo Networks

Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Ready to find out what’s lurking in your network?

Scroll to Top