The 2023 Active Adversary Report for Security Practitioners – Sophos News

We present the Active Adversary Report for Security Practitioners, analyzing data amassed by Sophos’ Incident Response team from the six quarters ending June 2023. This report focuses on actionable findings for security practitioners, who are responsible for the finer details of protecting organizations and for the actionable intelligence that supports that work. Key takeaways include the importance of system hygiene, the need to slow down speeding attacks, and the role of threat hunters and responders. The data for this report comes from 232 cases from January 2022 to June 2023, including information from X-Ops’ Managed Detection and Response team.

The report delves into the roles of threat hunters, analysts, and incident responders, highlighting their importance in identifying and mitigating threats. Threat hunters assume breach and systematically search for existing threats in the environment, while incident responders reactively investigate breaches and active attacks.

The report explores the decline in dwell time for attacks, particularly ransomware attacks, and highlights that faster attacks do not have significant markers that would warrant a change in defense strategy. The data shows a decline in longer attacks, with most attacks occurring nine days or less after initial access. The report concludes by emphasizing the need for organizations to stay vigilant and adapt their defense strategies to address evolving attack techniques.
