Enterprise Management Associates research confirms importance of packet capture for cyber defence

One of the significant findings from Enterprise Management Associates’ (EMA) recent report entitled ‘Unlocking High Fidelity Security 2019’ is that organisations using full packet capture are better prepared to battle cyber threats. The report highlights that the visibility and accuracy of packet capture data provide the best source of certainty for threat detection, and also notes that the adoption of full packet capture has accelerated over the past 12 months.

The document concludes: “…it’s clear that those using packet capture as part of their normal tool set…were more confident in the telemetry they received about their environments. They had shorter breach detection and response time and they had more confidence in their workflows and processes,” and “…this creates a very strong story for the use of packet capture as one of the staples in the security program.”

Other key findings in the report include the following:

* Respondents from enterprises using packet capture rated themselves “wholly comfortable with the current cyber security risk level” in their organisation – nearly one-third more often than those using flows, and 14% more often than those using endpoint or network, app and systems logs

* Respondents using packet capture had the highest confidence that they were detecting viable threats at the reconnaissance stage when evaluating the ability to detect attacks against Lockheed Martin’s Kill Chain model. The report adds: “This is the first stage and least costly when the attack is stopped at that point.”

* Nearly two-thirds (60%) of respondents reported that network data is more valuable for early breach detection than endpoint data (40%)

* Respondents deploying packet capture rated themselves “outstanding” in preventing and quantifying breach scope far more than those using other telemetry methods

“The research in EMA’s report confirms that organisations not only see the value of packet data as a definitive source of evidence, but are more confident when using packet capture to detect, prevent, analyse and respond to data breaches,” said Stuart Wilson, Endace’s CEO. “These findings reflect what we see in the market. Enterprises are increasingly recognising the vital importance of full packet capture in enabling them to correlate security telemetry, keep their networks secure and improve productivity. Packets provide certainty about what’s actually happening on the network, and that enables organisations to respond confidently to threats.”

A summarised report focusing on packet capture is available for download at: https://www.endace.com/esearch-reports/ema-2019-research-report-download.pdf

The full report can be found at: https://www.enterprisemanagement.com/research/asset.php/3773/Unlocking-High-Fidelity-Security-2019
