by Anton Chuvakin | February 19, 2016
A few weeks ago I posted a quick one-question survey on threat and compromise detection. I asked “Imagine that you have clearly identified top 3 critical information assets (systems, documents, databases, etc) that your organization has, what is your confidence level that you will detect a compromise of one of these assets by a malicious party within 7 days from the compromise event?”
Here is what came out:
Total responses: 85
Comments? Here are a few:
- If you laser-focus your detection defenses [on just top 3 assets, in this example], you can actually score a WIN. Reduce what you watch – and win!
- It seems that this survey was phrased in a way to really summon the spirit of optimism in security. Those voting “<50% chance to detect” were in the minority [44.7% of you] while “>50% chance to detect” [55.2% of the respondents] are in the majority. Rejoice, security community!
- I was 100% sure that nobody would answer “100% sure to detect”, yet some did. Sure, you can hypothesize that those are all vendors, but maybe not: I think if you have only 3 eggs in your “critical eggs” basket, you CAN watch it really well and gain surety of detection….
- Still, “<5%” has a spike. Think about it. This is the domain of the appropriately paranoid and/or severely under-resourced, IMHO.
There you have it – have fun with it! More one-question polls coming soon.