Categories
SpyCloud Awards SpyCloud Products

SpyCloud Wins Best of Show Award for ATO Prevention at Finovate Fall 2017

We’re pleased to announce that SpyCloud has won the “Best of Show” award at Finovate Fall 2017.  The competitive pool included more than 70 companies that demoed their technology to leaders in the financial sector to discuss breakthrough banking, financial and payments technology in a four-day event series.  You can see our 7 minute presentation here:

“There was a very competitive application pool for this year’s show, and those chosen to present on stage represent the cutting edge of fintech technology,” said Greg Palmer, VP of Finovate.  “SpyCloud’s offering is a strong example of the type of exciting cyber security technology and fintech solutions that solve a real issue for financial institutions and their customers.”

 

SpyCloud’s presence at FinovateFall 2017 marks the second time this year SpyCloud was selected to present at a conference for its account takeover (ATO) prevention service after winning the 2017 NATO Defense Innovation Challenge in April.

“FinovateFall has established itself as a premier event in the financial services industry and we are honored to have been selected to participate in this Fall’s event,” said CEO Ted Ross.  “Our offering is a seamless complement to fintech enterprise security teams to help stop account takeover attacks from happening to their employees and customers.”

About SpyCloud
Powered by a world-class team of researchers and industry veterans, SpyCloud helps businesses of all sizes proactively stop account takeover.  Currently millions of customers and employees around the globe are being protected by SpyCloud through their clients whose security staff are proactively alerted when their employee, company and consumer assets are being traded in the underground.  For more information, please visit spycloud.com.

Categories
SpyCloud News

SpyCloud Appoints Cisco and Thales e-Security Executives to its Board of Directors

SpyCloud welcomes two cybersecurity industry veterans to the team

AUSTIN, Texas, Sept. 11, 2017 /PRNewswire/ – SpyCloud, the pioneer in breach discovery and credential recovery, has appointed John N. Stewart, SVP, Chief Security and Trust Officer of Cisco, and Alan Kessler, President and CEO of Thales e-Security to its Board of Directors. SpyCloud announced the new members on stage at FinovateFall 2017, an annual event showcasing cutting-edge banking, financial and payments technology.

SpyCloud brings these highly-coveted members to its Board as it rolls out new account takeover (ATO) prevention capabilities. “As we continue the momentum to becoming leaders in ATO prevention, we’re excited to leverage Kessler and Stewart’s business acumen and leadership,” said Ted Ross, CEO and Co-Founder of SpyCloud. “They both bring vast industry knowledge and expertise which will help us capitalize on new opportunities in the market.”

The bios of SpyCloud’s new Board appointments:

John N. Stewart – In John’s role as SVP, Chief Security & Trust Officer at Cisco, he aides the industry leading, multibillion-dollar security business, oversees the functions protecting Cisco and its public and private customers, and contributes to effective practices across the security industry. Throughout his career, John has invested in, and served as a Board Director for, multiple startup companies.

Alan Kessler – As CEO of Thales e-Security, Alan is responsible for leading a world-class team of data security professionals in its mission to be the undisputed leader in advanced data security solutions, delivering trust wherever information is created, shared or stored. Alan became CEO of Thales e-Security following the acquisition of Vormetric Data Security by Thales Group. He joined Vormetric in 2012 with the firm belief that the company had the potential to be a data security front runner.  

About SpyCloud

Powered by a world-class team of researchers and industry veterans, SpyCloud helps businesses of all sizes prevent account takeovers by proactively alerting security staff when their employee, company and consumer assets are being traded in the underground. SpyCloud’s automated ATO prevention capabilities have already helped companies protect millions of customers worldwide.  For more information, please visit spycloud.com.

Categories
SpyCloud News

SpyCloud Chosen to Demo Cutting-Edge Account Takeover Prevention at FinovateFall 2017

Annual fintech conference calls on cybersecurity experts to present underground monitoring insight to an audience of industry veterans

AUSTIN, Texas, Aug. 24, 2017 /PRNewswire/ — SpyCloud, pioneers in breach discovery and credential recovery, will showcase its solution at this year’s FinovateFall conference.  Executives from SpyCloud’s world-class team of cybersecurity experts will use their deep-seated industry knowledge to demonstrate how to keep employee and customer financial information secure from cyber criminals.

“Our tradecraft gives our clients access to data that is actively being traded in the underground,” said Ted Ross, Co-Founder and CEO of SpyCloud.  “This new level of exposed credential visibility enables our partners to save millions of dollars in annual fraud losses from compromised employee and customer accounts.”

Finovate brings together leaders in the financial sector to discuss breakthrough banking, financial and payments technology in a four-day event series. “There was a very competitive application pool for this year’s show, and those chosen to present on stage represent the cutting edge of fintech technology,” said Greg Palmer, VP of Finovate.  “SpyCloud’s offering is a strong example of the type of exciting cyber security technology and fintech solutions that solve a real issue for financial institutions and their customers.”

SpyCloud’s presence at FinovateFall 2017 marks the second time this year SpyCloud was selected to present at a conference for its account takeover (ATO) prevention service after winning the 2017 NATO Defense Innovation Challenge in April.

“FinovateFall has established itself as a premier event in the financial services industry and we are honored to have been selected to participate in this Fall’s event,” said Ross.  “Our offering is a seamless complement to fintech enterprise security teams to help stop account takeover attacks from happening to their employees and customers.”

About SpyCloud
Powered by a world-class team of researchers and industry veterans, SpyCloud helps businesses of all sizes proactively stop account takeover.  Currently millions of customers and employees around the globe are being protected by SpyCloud through their clients whose security staff are proactively alerted when their employee, company and consumer assets are being traded in the underground.  For more information, please visit spycloud.com.

Categories
SpyCloud News

SpyCloud Adds Industry Veterans to Leadership Team

July 19th, 2017 — Austin, Texas – SpyCloud, a pioneer in breach discovery, announced the addition of Alen Puzic as its Chief Technology Officer.   Most recently, Alen founded PwnedList, a startup that focused on protecting customers by alerting them of their risk exposure resulting from 3rd party breached credentials. PwnedList was acquired by InfoArmor in 2013, where he served as VP of Development until 2016.

“I’m proud to be joining an industry leader like SpyCloud,” said Puzic. “I look forward to adding value to the innovative breach discovery solutions that SpyCloud has introduced to the market.”

SpyCloud is also excited to share that Jason Lancaster has joined SpyCloud as Director of Security Research.  Prior to SpyCloud, Jason was a security architect at cloud security start-up CloudPassage, and Manager of Field Intelligence at Hewlett Packard Enterprise Security Research.

“Alen and Jason are key additions to our team,” commented Ted Ross, CEO of SpyCloud. “They are both recognized industry thought leaders who can instantly help SpyCloud at this time of our evolution and growth.”

About SpyCloud

SpyCloud is a pioneer in breach discovery. We strive to help businesses of all sizes mitigate data breaches by proactively alerting when employee or company assets have been compromised.  We accomplish this through our early-warning breach detection service powered by a world-class team of intelligence analysts.  For more information, please visit www.spycloud.com.

 

Categories
SpyCloud News

CyberDefenses Integrates SpyCloud into New Credential Tracking Service

On June 13, CyberDefenses Inc. announced the availability of their new Credential Tracking Service (CTS), which integrates SpyCloud early-warning breach technology into its existing solution.

CyberDefenses’s CTS is the first service of its kind that proactively identifies corporate credentials in breaches and matches them to an affected employee’s user profile. CTS utilizes SpyCloud’s proprietary datasets to connect to a customer’s Identity Management infrastructure, allowing near real-time detection of any compromised assets specified by the customer.

This integration allows organizations who use CTS to automatically identity compromised user credentials outside of their perimeters and to perform necessary remediation actions before adversaries get in. Whether “remediation” means revoking access from certain accounts or shutting them down altogether, SpyCloud’s technology affords CyberDefenses’ clients the chance not only to better know their exposure, but to proactively prevent exposure before it ever happens.

“Identifying stolen employee credential information is critical to understanding your attack surface,” said Randell Casey, CyberDefenses CEO. “Connecting that intelligence to automated action can help any organization to quickly and effectively reduce the risk of a cyber attack. CTS is a powerful addition to our managed service suite – and our innovative IdM integration makes it simple to deploy and use.”

“We are excited to be working with CyberDefenses,” said Ted Ross, SpyCloud CEO. “It makes a ton of sense for any organization using identity management solutions to marry that with SpyCloud intelligence. The fact that CyberDefenses automates the integration and provides a turnkey managed service allows companies to operationalize compromise detection and remediation – taking it to the next level.”

The patent-pending solution via a CTS integration was demonstrated live with SailPoint’s IdentityQTM at Navigate ’17 in Austin, Texas last week. The demonstration showed how digitally-mined credentials could be automatically matched to company identity management records and remediation could be performed almost instantly.

Categories
Dark Web

Criminals are using these tools to “crack” your website

Account Takeover at the Push of a Button

Custom-built “cracking” tools are making it easier than ever for criminals to automate credential stuffing. Credential stuffing is the act of testing large sets of stolen credentials against a targeted interface. Criminals load lists of breached credentials into these tools to test them at large scale against targeted web or mobile authentication interfaces.

The proliferation of stolen or leaked databases has resulted in a recent surge in automated credential stuffing. Custom tools that have been circulating the underground “cracking” scene in recent years  automate this process. These tools make the process so easy, anyone can do it.

On average, attackers are seeing up to a 2% success rate for gaining access to these accounts simply due to password reuse. This may sound like a relatively insignificant proportion, but it equivocates to billions of dollars worldwide in automated fraud losses.

Credential stuffing attacks typically follow some form of the following timeline:

1. A 3rd party breach occurs, credentials are leaked, or site is compromised in some way. The breached data is then posted to public paste sites, sold in bulk on underground marketplaces, and/or traded and advertised in underground forums.

2. A threat actor acquires leaked username and credentials directly from the breach or from purchasing/trading in the underground. Some underground websites even advertise the expected success rates of their credential lists.

3. The attacker uses automated credential stuffing tools, sometimes via botnets, to test the stolen credentials against many other sites (to name a few: social media sites, retail organizations, loyalty programs).

Choose Your Weapon

So what about these tools? What are they and what exactly do they do?

1. Sentry MBA

If you work in INFOSEC, you may already be familiar with the credential stuffing tool known as Sentry MBA (named Sentry 2.0 MBA version by the original developer).  The first iteration of this custom Windows brute-forcing application, “Sentry 2.0”, was originally developed by someone using the alias “Sentinel” in underground communities. The tool was later modified by “Astaris” according to Sentry MBA’s opening interface. According to chatter in some cracking communities, Sentinel was actually a security researcher who intended for the tool to be used by organizations against their own interfaces. In fact, the release notes for version 1.4.1 of the tool includes the following disclaimer:

This program is intended ONLY for testing your own sites.
Any other use of this program is forbidden.
The Author does not take responsibility for any improper use of the program.When you start up the tool, you have to agree that you won’t using to test creds against any site or asset that you don’t own.

 

Regardless, hundreds of cracking communities have sprouted up and thrived upon this rule being broken. Somehow the tool was leaked externally into underground communities–and the rest is history.

Sentry MBA has undergone several revisions since its original release as version 1.02.

If you’ve heard about Sentry MBA before, you probably know that it needs three things  “crack” its target:

  • Configuration file: This file helps Sentry MBA navigate the unique characteristics of the site being targeted; the URL for the targeted website’s login page, for example, is specified in the config (configuration) file.
  • Proxy file: A list of IP addresses (usually compromised endpoints and botnets) to route traffic through, so that the set of login attempts appears to be coming from a large variety of sources (resembling organic traffic) rather than from a single attacker
  • Combo list: A database of username/password pairs to be tested against the target site; these lists are typically obtained from the breaches on other websites that can also be sold or traded on certain markets.

Figure 1: Opening user interface for Sentry 2.0 MBA Version.

There are countless underground forums on both the dark web and clearnet dedicated to the sale and trade of Sentry MBA config files, combo lists and proxy files (although sometimes config files are advertised as “proxyless”). These sites vary by language used, technical capability of users and legitimacy. Some of these forums advertise themselves as “cracking” forums or communities in the “cracking scene.”

Figure 2: Screenshot of CrackWarrior, a Turkish-language cracking forum.

Members who use config files (which are often pasted as text files) without giving back to the community are often banned for “leeching.” Many of these communities use reputation scoring for members and enforce disciplinary measures for breaking rules, or for “leeching”too much. Rather than acting as marketplaces, these forums allow members to manufacture, test, and post access to config files, combo lists, tutorials, and extra tools for free.

This honor system has helped create self-sustaining micro-markets for the creation and trade Sentry MBA config files and combo lists . There are also marketplaces dedicated solely to the sale of Sentry MBA inputs. These often require use of a bitcoin wallet to purchase inputs.

Sentry MBA uses OCR (optical character recognition) functionality to bypass captcha challenges and has many mechanisms to do so. However, Sentry MBA doesn’t support Javascript anti-bot challenges, according to research from F5 Networks.

Figure 3: Screenshot of “Cracking King”

The screenshot below shows some recent threads on a cracking forum dedicated to the trade of Sentry MBA config files. As shown, many of these custom config files are designed by members for popular services such as Spotify, Amazon, Netflix, Hulu, Minecraft, PayPal, Steam, FitBit, and others. It can be confidently assumed that many members of these communities are very young and would otherwise not be able to afford account memberships for these services. Fresh config files for new and existing services are added to these forums on a near-daily basis. And as services adjust their web applications to prevent Sentry MBA attacks, so too do the “crackers” seeking to break them. Sentry MBA inputs are often tweaked, tested, and reposted until they are proven effective.

Figure 4: Threads advertising custom-designed Sentry MBA config files for a variety of services on a popular clearnet “cracking” forum.

One of the most trusted config shops is the Sentry[.]mba “Sentry MBA Config Repository”, which has been around since 2015 according the site’s administrators. Sentry[.]mba is primarily a config file marketplace. Users can buy “gold” as a currency on the site using a bitcoin wallet and must use these to purchase configs that have been uploaded by various users.

Figure 5: Sentry[.]mba main page.

Figure 5: Sentry[.]mba’s description on the site’s FAQ page

The original brainchild of the service, “Carter”, wrote that he originally founded the site as the “Config Databse”. Then, with the help of his buddy “Falcon”, was able to nab the clever “sentry.mba” domain and code the repository that so many “crackers” have come to know and love.

Beyond acting as a source of reliable configuration files, the site also provides free and accessible training on how to download and use Sentry MBA.

Figure 7: Screenshot of a the Sentry[.]mba “tutorials”section.

The site also offers a free download of the latest version of Sentry MBA. The “downloads” section even includes a link to the tool’s VirusTotal scan, which shows which anti-virus services do and do not flag the file as malicious.

Figure 8: Screenshot of the Sentry MBA download section.

Sentry[.]MBA also offers various tools that members can buy to help them validate e-mail addresses, scrape credentials from dumps on paste sites, and otherwise facilitate the process of “cleaning” their inputs to increase the likelihood that running Sentry MBA against a chosen target will yield a match to crack the targeted application.

Figure 9: The screenshot above shows various tools that Sentry[.]mba vendors have offered for sale on the site.


2. Vertex

Like Sentry MBA, Vertex requires a config file as well a proxy list—and it can brute-force multiple login interfaces at once. Vertex was also reportedly coded by the same developer as Sentry MBA (Sentinel), though this hasn’t been confirmed. Vertex was released much earlier than Sentry 2.0 or Sentry MBA, but it’s still used in cracking communities and config files and combo lists for the tool are still traded and sold.

Figure 10: Original post advertising the availability of Vertex.

Vertex version 1.0.3 was reportedly developed by “Buddah.” Buddah claims to be the same person who developed Sentry.

It appears that Vertex was originally released as “brand new tool” on the clearnet cracking forum “Cracking Arena” on December 16, 2013.

The image below shows the tool in action as it cracks a targeted site, processing a combo list which must first be uploaded by the attacker. According several tutorials posted to cracking sites, users of Vertex follow these basic steps to run the tool against a targeted site to “crack” user accounts:

Figure 11: Vertex tool in use

  1. After downloading the Vertex tool, the attacker must download a combo list, a proxy list, and obtain a configuration file for the targeted site.
  2. The attacker opens Vertex and selects the configuration file for the targeted site, although Vertex allows for the selection of multiple sites.
  3. The attacker loads their proxy list.
  4. The attacker loads their combo file.
  5. The attacker presses “start” and the application brute-forces the targeted site,

Needless to say, this is not a particularly difficult task, even for those with limited technical abilities.

Unlike Sentry MBA, Vertex does not appear to have a captcha bypass feature. But it does have other advantages. Discussions in some cracking forums suggest that the tool was originally developed to “crack filehosts”, but it cracks and captures data from all form-login sites (given that they don’t include a captcha challenge). Vertex also comes with six standard configs since its release, and has been hailed as a relatively fast credential stuffing tool. Vertex is not as sophisticated as Sentry MBA, but many members of the cracking scene have written that it’s easy to use.

  • BitShare
  • FreakShare
  • Keep2Share
  • LimeFile
  • Uploaded
  • WIP Files


3. Apex

The Apex account cracking tool was also developed by “Buddah” earlier than SentryMBA or Vertex, possibly before 2010. Although Apex is older, it has been described a reliable tool, although it can’t crack SSL or HTTPS or, like Vertex, bypass captcha challenges.

The tool was originally released on MediaFire on April 7, 2013 and advertised on several cracking sites. Like Sentry MBA and Vertex, Apex Cracker also requires a config file, combo list and proxy list in order to work.

Apex also supports the use of standard HTTP and SOCKS5 proxies. According to some members of the cracking community, it can also handle database format cracking (id:pass formatting).

Figure 12: Download page for Vertex


4. Other Tools

Not every bruteforcing tool out there has been developed by “Senintel” or “Buhhda.” There are several other less popular tools that target only specific applications, or have accessory uses to cracking tools like Sentry MBA or Vertex. Some of these tools act as account checkers only for specific targeted services while others are designed to grab credentials from paste sites.

Figure 13: Screenshot of various custom tools advertised on a popular cracking forum.

 

Prevention is Crucial

Unfortunately, it’s virtually impossible to hinder the development of these tools their inputs and accessories. It’s also impossible to disrupt the thriving international online communities that continue to improve, trade and sell them.

However, organizations can prevent compromise by enforcing multi-factor authentication, use JavaScript anti-bot verification, and monitoring credential dumps. It’s especially important to monitor for dumps of third-party services that may be reused in combo lists for cracking tools like the ones we described.

Criminals have adapted and will continue to adapt to new security mechanisms put in place by targeted organizations. A prime example is Sentry MBA’s captcha bypass mechanism, which was an adaptive update to Sentry 2.0. Given their ability to adapt, the only way to win against cyber criminals is to outpace them. Each time a new security feature is added, criminals must scramble to code new features into their tools, and this process takes time.

SpyCloud’s breach monitoring service can alert customers or employees to change their passwords immediately—this means that criminals who scrape public breaches for their combo lists will find them no longer effective against a target that would have been otherwise cracked. These types of preventative measures can help mitigate account takeover attacks in your organization.

Sources:

  • https://devcentral.f5.com/articles/mitigating-sentry-mba-credentials-stuffing-threat-24723
  • https://leakforums.net/thread-74440+&cd=3&hl=en&ct=clnk&gl=us
  • https://crackingspot.com
  • https://blog.shapesecurity.com/2016/03/09/a-look-at-sentry-mba/
Categories
SpyCloud News

Press Release: SpyCloud Emerges From Stealth Mode

June 1, 2017 — Austin, Texas –(BUSINESS WIRE)– SpyCloud, Inc. announced today that it is coming out of stealth mode, with $2.5 million in seed funding from Silverton Partners and March Capital Partners, to launch its unique approach to breach discovery. Founded by cybersecurity veterans Ted Ross (former CEO of Exodus Intelligence and head of Threat Intelligence at HP) and David Endler (former CEO of Jumpshot and head of security research for TippingPoint and iDefense), the Austin-based company has built a breach discovery platform that notifies organizations through email or API when their most valued online assets are exposed on the dark web. The only US company to win the 2017 NATO Defense Innovation Challenge, SpyCloud’s technology is powered by a world class intelligence team that is able to recover breached databases from private sources at very high volumes.

“In today’s environment, organizations cannot ignore exposures that unfold outside of their defenses. Monitoring for both company assets and exposures externally is essential for any company with an online presence” said Ted Ross, CEO and Co-Founder of SpyCloud. “Customers have quickly seen the value of the uniqueness of our data and how easy it is to use the service.”

According to a recent report from Verizon, a staggering 81 percent of all data breaches last year were caused by threat actors using weak or stolen credentials. This enables even an unsophisticated threat actor to compromise a customer account or access a bank’s system with little knowledge of traditional hacking techniques. The company has been focused on the root of this issue by developing its technology and intelligence sources and validating their solution extensively with leading enterprise companies.

SpyCloud’s enterprise clients can use email, an online dashboard and/or an API to monitor for exposed records (email addresses, passwords, PII, Financial Information, etc.) and access the full set of the customer’s historical breach data. SpyCloud’s large enterprise clients (such as online retailers) use an API to proactively monitor and take action when their customers’ credentials are exposed in a 3rd party breach – combating the ever growing threat of account takeover.

“We see a growing need for breach discovery services, like SpyCloud’s, in the retail sector,” said Dan Holden, Intelligence Director of the Retail Cyber Intelligence Sharing Center (R-CISC). “Early detection of breaches and prevention of credential stuffing are essential to fighting fraud and account takeover.”

“Having worked with Ted and Dave at TippingPoint, I’ve always appreciated their expertise and couldn’t be more excited to invest alongside them and in their vision. Their approach to breach discovery is unique and already very differentiated,” said Kip McClanahan, General Partner at Silverton Partners. “SpyCloud’s early customer traction and product experience make it clear that they have a huge opportunity in front of them.”

“The proliferation of data breaches and security risks have outpaced companies’ abilities to protect themselves and their consumers,” said Jim Armstrong, partner and co-founder, March Capital Partners. “But the SpyCloud team has developed an effective, scalable solution to not only tackle breach discovery head-on but also equip companies with the intelligence they need to minimize damage. With their vast expertise in leading cybersecurity enterprises, we look forward to working with SpyCloud as they grow and help businesses of all sizes better safeguard their data.” March Capital’s investment in SpyCloud follows its investments in other leading companies in the space including Crowdstrike and E8.

About SpyCloud

SpyCloud is a pioneer in breach discovery. We strive to help businesses of all sizes mitigate data breaches by proactively alerting when employee or company assets have been compromised.  We accomplish this through our early-warning breach detection service powered by a world-class team of intelligence analysts.  For more information, please visit www.spycloud.com.

About Silverton Partners

Silverton Partners is an early stage venture capital firm based in Austin, Texas. Silverton collaborates with exceptional entrepreneurs who are committed to attacking growth markets with proprietary products or services. The principals of Silverton Partners have over five decades of venture experience, having been the start-up investors in Tivoli Systems (IPO), Silicon Labs (IPO), Motive Communications (IPO), Waveset (acquired by Sun Microsystems) and BlackLocus (acquired by The Home Depot). More information on Silverton Partners can be found at www.silvertonpartners.com.

About March Capital Partners

March Capital Partners is a Santa Monica-based venture capital firm with one of the largest global funds in Southern California. Founded by industry veterans with over 50 years of investing experience, March Capital actively invests in both early and late-stage companies in mobile, enterprise, infrastructure, gaming and other growth industries, with targeted positions in innovative global organizations. For more information, see www.marchcp.com.

Categories
SpyCloud Awards SpyCloud News

SpyCloud is Named a Winner of NATO’s Defense Innovation Challenge

We’re proud to share that SpyCloud was the only US winner of the NATO Innovation Challenge.  The challenge is aimed at accelerating transformational, state-of-the-art technology solutions in support of NATO’s cyber capabilities.

This challenge affirms that the cutting edge technology we need to stay ahead of emerging threats is out there, and we are committed to finding innovative ways to connect with the small businesses and academic institutions that lack visibility within NATO but have much to offer the Alliance,” said NATO Communications and Information Agency General Manager Koen Gijsbers.

 

Categories
SpyCloud News SpyCloud Products

SpyCloud New Feature: Most Recent Alerts

Our development team is constantly pumping out new features, and we’re excited to highlight one with you this month. A feature that our customers have been asking for is an easy way to see all of their newest breach alerts in one place.  Check out our new “Recent Records” left menu tab that groups everything together in one place for easy viewing.

 

 

You can also “Dismiss” these records and clear the notifications to signify that you’ve taken the appropriate action within your organization.

Categories
SpyCloud News

SpyCloud at the RSA Cybersecurity Conference

We had a great time exhibiting at the RSA cybersecurity conference in San Francisco, meeting new friends and reconnecting with many security industry brethren.

In conversations with CISO’s at various dinners and cocktail events at RSA, we noticed an encouraging trend of more security budgets shifting from prevention to detection.  According to a new report from Anderson Research, it comes as no surprise that the biggest motivator for this shift is that security teams want earlier visibility in order to get ahead of the typical breach timeline.