Muscat: Research based on the analysis of incidents reported to customers of Kaspersky Managed Detection and Response (MDR) has revealed that Security Operations Center (SOC) analysts discovered more than three high-severity incidents with direct human involvement every day in 2022.
The efficiency that external specialists bring to operating cybersecurity solutions, and the specialist knowledge those solutions require, were the main reasons companies turned to outside experts in 2022. To help close gaps in expertise among IT security professionals and give them insight into the current threat landscape, Kaspersky analysed anonymised customer incidents detected by its MDR service.
Kaspersky’s annual Managed Detection and Response Analyst Report showed that high-severity incidents required an average of 43.8 minutes to be detected by Kaspersky MDR. Due to an increase in human-driven attacks, this processing time grew by approximately 6 per cent compared to the previous year, as they take up more SOC analyst time.
Regarding the nature of such incidents, 30 per cent of them were associated with APTs, 26 per cent accounted for malware attacks, and just over 19 per cent resulted from “ethical hacking” (pen tests, red teaming or any other types of cyber exercises conducted in customers’ infrastructures either for the security assessment of IT systems or to test the operational readiness of the MDR service). The proportion of incidents involving publicly available critical vulnerabilities and the detection of traces of previous attacks involving humans was around 9 per cent. The remaining incidents resulted from the successful use of social engineering techniques or were linked to insider threats.
‘The MDR report shows that sophisticated attacks driven by humans continue to grow. They require more resources to be investigated and they take up more of SOC analyst time as this type of attack lends itself to automation to a lesser degree. To detect these attacks efficiently we recommend companies to implement comprehensive threat hunting practices combined with classic alert monitoring,’ comments Sergey Soldatov, Head of Security Operations Center, Kaspersky.