Managed detection and response in 2021
2022-5-26 19:0:55 Author: securelist.com(查看原文) 阅读量:20 收藏

Publications

Publications

minute read

Kaspersky Managed Detection and Response (MDR) helps organizations to complement existing detection capabilities or to expand limited in-house resources to protect their infrastructure from the growing number and complexity of threats in real time. We collect telemetry from clients’ networks and analyze it using machine learning and artificial intelligence, plus human threat-hunting analysts. Kaspersky SOC investigates alerts and notifies the client if there is something bad going on, providing response actions and recommendations.

MDR in 2021 in numbers

In 2021:

  • Kaspersky MDR received 414K alerts.
  • 74% of received alerts were processed by SOC analysts, 6.67% of which were related to real incidents reported to customers via the MDR portal
  • 4% of all incidents are related to only one alert
  • 14% of incidents were high-severity, 66% medium-severity, and 20% low-severity
  • The average identification time of high-severity incidents was 41.4 minutes
  • 7% of high-severity incidents were targeted attacks; 18% were ethical offensive exercises (penetration testing, red teaming etc.)
  • Most incidents were detected at the initial access (27.3%) and lateral movement (16.3%) stages
  • Most often high-severity incidents were detected in IT (39%), industrial (30.2%), and financial (29.1%) organizations
  • The LOL binaries most often used by attackers were cmd.exe, powershell.exe, and rundll.exe

To get the full Kaspersky Managed Detection and Response 2021 report, please fill out the form below.

  • Reports

    This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

    We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

    At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

    It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income.


    文章来源: https://securelist.com/managed-detection-and-response-in-2021/106540/
    如有侵权请联系:admin#unsafe.sh