For its latest report, Vectra analyzed data from 120 customer networks comprised of more than 1.3 million hosts over the first quarter of 2016. All organizations showed signs of targeted attacks including internal reconnaissance, lateral movement or data exfiltration. Of the 120 participating organizations, 117 detected at least one of these behaviors during each month of the study.
Despite that nearly 98 percent of organizations detected at least one behavior per month during the three-month period, researchers found that fewer detections were observed deeper in the kill chain. As an example, data exfiltration – which is by far the most dangerous behavior – was the lowest of all categories at 3 percent.