Russian bears lead the way when it comes to gaining enough of a foothold in your networks to perform a successful data breach according to the 2019 Global Threat Report from CrowdStrike. This matters, because having an understanding of how quickly the bad guys can move across your networks is vital in getting to grips with the 1-10-60 rule. And that determines how likely you are to stop them succeeding in breaching your data.
The CrowdStrike Threat Graph, a massively scalable and cloud-based database, is described as being the brains behind the breakout time metric: a measurement of the speed that threat actors are able to move laterally within the targeted environment following the initial compromise and start propagating advanced exploits. The breakout time is of huge importance when it comes to securing networks as it represents the defensive window of opportunity; the time limit for defenders to respond, contain or remediate an intrusion before the attackers can move widely enough through a network to facilitate a major data breach. For the 2019 report, CrowdStrike analysts dove deeper into the threat graph data and calculated the breakout time for attributed incidents in order to determine just how quick major nation-state and criminal actors have become.