This report sets itself apart with our proprietary data and insights derived from comprehensive detection coverage coupled with human-led expert investigation and confirmation of threats. The data that powers Deepwatch results from thousands of expert investigations across hundreds of thousands of protected systems. This report examines the broader landscape of threats that leverage techniques and other tradecraft. We also track specific threats associating malicious or suspicious activity with a new or existing threat activity cluster, specific malware variants, abuse of legitimate tools, and known threat actors. ATI continually tracks and analyzes threats throughout the year, publishing weekly threat intelligence reports.

There is a new security reality facing mid-sized business leaders and security professionals today. In this guide, you’ll find answers to these challenges and how an MDR solution can help you efficiently maximize security investments and effectively manage security risks to your business.

In our annual Threat Report, the Deepwatch Adversary Tactics and Intelligence (ATI) team provides data on the leading cybersecurity threats that SOC security analysts faced in 2022, and offers predictions of what teams will likely face in 2023. With analysis from ATI research and Deepwatch customer engagements, we review the types of volumes of threats, look at the challenges in visualization and identification, and consider what lingering or growing threats SOC teams should prioritize.

The Deepwatch SecOps Pulse Survey research shows that security teams are more focused on improving response capabilities over detection improvements. This speaks to rising threats and an expanding attack surface that makes attacks nearly inevitable, forcing teams to prioritize limited resources.

In 2021, the industry saw a transition into threat actor separation of duties, with an increase in groups focused on obtaining and selling access to victims (Initial Access Brokers). In observing this trend, Deepwatch has taken note of the proliferation of Initial Access Brokers and how it correlates with a shift in focus, away from specific industries and towards attacks of opportunity. As this trend continues, more emphasis must be placed on risk management of organizations’ internet exposure.