
Blumira 2022 State of Detection and Response Report

Written by Erica Mixon | May 25, 2022 1:02:18 PM

Report aggregated data from hundreds of organizations to identify key threats affecting organizations today

ANN ARBOR, Mich., May 25, 2022 – Blumira, a leading cybersecurity provider of automated threat detection and response technology, today released the 2022 State of Detection and Response Report, a new research report that analyzed Blumira’s security detections across log datasets of 230 organizations. The report revealed identity-based attacks and living off the land behaviors as top threats organizations faced in 2021.

Blumira released this report under the backdrop of an increasingly challenging threat landscape, with ransomware, software supply chain attacks, data breaches, and more becoming an almost daily occurrence. Attacker dwell time is also decreasing; ransomware attacks happen quickly from initial compromise to infection and deployment. 

According to IBM’s 2021 Cost of a Data Breach Report, the average time to detect and respond to a breach is 287 days. Breach lifecycles that take longer than 200 days result in major impact and 35% higher breach costs for organizations, pointing to the need for solutions that provide faster time to detect and respond, including initial deployment. 

“Organizations, especially small and medium-sized businesses, need help with faster detection and response to keep up with latest threats and protect against breaches,” said Jim Simpson, CEO of Blumira. “Expediting time to security for faster response is key to better overall security outcomes.”

Blumira’s average time to detect a threat was 32 minutes, while its average time to respond, measured as how quickly an organization closed out a finding, was six hours. Compared to the industry average, Blumira’s time to detect and respond is 99% faster.

Research Key Findings 

Identity-based attacks surged. Access attempts were a common theme, as the pandemic forced many organizations to move to cloud services to support their remote employees. For organizations without a solid understanding of their exposed attack surface, moving to a cloud environment only highlighted that knowledge gap. Threat actors take advantage of those knowledge gaps by exploiting, misusing or stealing user identities. 

Attempts to authenticate into a honeypot, a fake login page designed specifically to lure attackers, were Blumira’s #1 finding of 2021. Identity-driven techniques accounted for three of Blumira’s top five findings, or 60%.

Cloud environments are particularly vulnerable to identity-based attacks such as credential stuffing, phishing, password spraying and more. Rapid detection of these attacks can enable organizations to respond and contain an identity-based attack faster, helping stop an attack from progressing further. 

Living off the land techniques are a common threat. Research also observed usage of living off the land (LotL) techniques, or threat actors leveraging built-in tools that make it appear as though they are legitimate users within an organization’s environment.

Among Blumira’s top findings were various instances of living off the land techniques, including: service execution with lateral movement tools, PsExec use and potentially malicious PowerShell commands.

Taking place over days or weeks, these types of attacks can go undetected by endpoint detection and response (EDR) solutions that rely on the detection of known malicious tools. By that time, it may be too late—for example, when an attacker introduces malware into the environment.
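The passage above describes three living off the land patterns: service execution used for lateral movement, PsExec use, and potentially malicious PowerShell commands. The following is an added illustration of how a detector for those patterns can be written against Windows event data; it is example code written for this page, not Blumira’s detection logic. The event records are constructed samples with simplified field names, and the service-name and command-line patterns are assumptions based on commonly documented behaviour (PsExec’s default service name PSEXESVC, services.exe spawning a shell, PowerShell run with an encoded command or a hidden window).

```python
"""Living off the land detector over constructed Windows event samples (added example)."""
import re
from typing import Dict, List

# Constructed sample events, not real telemetry. Field names are simplified
# versions of what the Windows System and Security logs carry.
SAMPLE_EVENTS: List[Dict] = [
    # System event 7045: a new service was installed. PSEXESVC is PsExec's default name.
    {"log": "System", "event_id": 7045, "host": "WS01", "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"log": "System", "event_id": 7045, "host": "WS01", "service_name": "Spooler",
     "image_path": r"%SystemRoot%\System32\spoolsv.exe"},
    # Security event 4688: process creation, with parent process and command line.
    {"log": "Security", "event_id": 4688, "host": "WS02",
     "parent": r"C:\Windows\System32\services.exe",
     "command_line": r"C:\Windows\System32\cmd.exe /c whoami > C:\Windows\Temp\o.txt"},
    # Placeholder base64 blob; a real encoded command would be much longer.
    {"log": "Security", "event_id": 4688, "host": "WS02",
     "parent": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -NoProfile -WindowStyle Hidden "
                     "-EncodedCommand QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB"},
    {"log": "Security", "event_id": 4688, "host": "WS03",
     "parent": r"C:\Windows\explorer.exe",
     "command_line": r"powershell.exe -File C:\scripts\backup.ps1"},
]

# Service names registered by well-known remote-execution tools (assumed patterns:
# PsExec uses PSEXESVC; PAExec names its service PAExec-<pid>-<host>).
REMOTE_EXEC_SERVICES = re.compile(r"^(psexesvc|paexec-\S+)$", re.IGNORECASE)
# Interpreters that services.exe has no routine reason to launch directly.
SHELL_BINARIES = re.compile(r"(cmd|powershell|pwsh)\.exe", re.IGNORECASE)
# PowerShell switches and idioms common in obfuscated or download-and-run usage.
SUSPICIOUS_PS = re.compile(
    r"(-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}|-windowstyle\s+hidden|"
    r"downloadstring|invoke-expression|\biex\b)",
    re.IGNORECASE,
)


def check_event(ev: Dict) -> List[str]:
    """Return the names of the rules an event matches; empty list means benign."""
    hits: List[str] = []
    if ev["event_id"] == 7045:
        if REMOTE_EXEC_SERVICES.match(ev["service_name"]):
            hits.append("service_install_remote_exec_tool")
        if SHELL_BINARIES.search(ev["image_path"]):
            hits.append("service_install_shell_as_binary")
    elif ev["event_id"] == 4688:
        parent = ev["parent"].lower()
        cmd = ev["command_line"]
        # Service execution: the service control manager itself spawning a shell.
        if parent.endswith(r"\services.exe") and SHELL_BINARIES.search(cmd):
            hits.append("service_execution_spawned_shell")
        if "powershell" in cmd.lower() and SUSPICIOUS_PS.search(cmd):
            hits.append("suspicious_powershell")
    return hits


def scan(events: List[Dict]) -> List[Dict]:
    """Run every rule over every event and return one finding per rule hit."""
    findings: List[Dict] = []
    for ev in events:
        for rule in check_event(ev):
            findings.append({"host": ev["host"], "event_id": ev["event_id"], "rule": rule})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['host']}  event {f['event_id']}  {f['rule']}")
```

None of these rules depend on a malware signature: they key on how built-in components are being used, which is exactly the gap the report attributes to tooling that only recognises known malicious binaries. In practice each rule needs tuning against the environment’s baseline (some management agents legitimately install services or run PowerShell hidden), so the hits are best treated as triage candidates rather than verdicts.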

Microsoft 365 Activity. Microsoft 365 is one of the most popular cloud productivity suites, and Blumira’s findings revealed patterns of Microsoft-related activity, including activity associated with password spraying, lateral movement and business email compromise.

SIEM Adoption in 2022

Investing in solutions that provide faster time to detect and respond, including initial deployment, can result in lower costs for organizations. In keeping with market needs, Blumira recently launched the industry’s only free, self-service cloud security information and event management (SIEM) for Microsoft 365, along with new paid editions that enable IT teams of all sizes to close security gaps and achieve rapid time to security.


Visit Blumira at RSA

Blumira will be exhibiting and offering demos of the free edition at booth #3222 in the South Expo hall at the 2022 RSA Conference, located at the Moscone Center in San Francisco, CA from June 6-9. Blumira’s Lead Incident Detection Engineer Amanda Berlin is speaking in two sessions at RSAC, including What is Zero Trust? What ISN’T Zero Trust? Let’s Make Sense of This! and Getting The Most Out Of Sysmon.

For more information about Blumira, please visit https://www.blumira.com

About Blumira

Blumira is a leading cybersecurity provider of automated threat detection and response technology. Blumira’s mission is to make security accessible to organizations of all sizes. Founded in 2018, Blumira offers a cloud security platform that helps organizations with limited security resources detect and respond to cybersecurity threats faster, to stop ransomware and data breaches. The all-in-one solution is quick to deploy, easy to implement, and integrates broadly across cloud and on-premises technology to provide coverage for hybrid environments. Blumira was recognized by G2 as a Momentum leader and ranked as ‘Best Support,’ ‘Most Implementable,’ and ‘Easiest to Use’ in the G2 Spring 2022 Grid® Reports.

Media Contact:

Katherine Benfield 

Lumina Communications for Blumira

Blumira@luminapr.com