SentinelOne’s new Enterprise Risk Index (ERI) provides new evidence of the proportion of attacks that simply cannot be stopped by traditional, static, file inspection security solutions. It’s further proof that attack methods have rendered AV redundant. The ERI is intended as a resource on the commonly encountered threat vectors seen in production environments, and as a source of insight into the tools, tactics, and procedures of malicious attackers.
Organizations can use the ERI as a benchmark against the type and mix of threat activity appearing in any enterprise environment, and it offers an opportunity to step towards board-level metrics for cyber security investments.
Based on filtered data obtained from the second half of 2016 from more than one million SentinelOne agents deployed worldwide, the key findings are:
- The growing menace of in-memory attacks: in this timeframe, we found that these attacks have doubled in comparison to the infection rates of file-based vectors.
- Endpoint protection technology that is agnostic to threat vectors will be increasingly important as new attack methods become mainstream, evidenced by the trend in in-memory attacks.
- Even for file-based attacks we can’t rely on AV: the report highlights that only 20% of threats had corresponding signatures from existing AV engines.
Our hope is that organizations can use this to improve their risk acumen regarding those threats that succeed in reaching the final barrier in enterprise defences, a SentinelOne agent. It is a reality check and a catalyst to audit investments made in cyber security and their expected results.