Table of Contents

Foreword
Key Takeaways
Data Sources
Detecting Threats Across the
Analyzing Telemetry to Uncover
Threat Intelligence Spotlight
24x7 Vigilance Is Essential
Mega Event Spotlight: Fortinet
Triaging Alerts to Eliminate
Top 3 Reasons for Alert
Not All Alerts Are Equal
Increasing Efficiency with Rapid Detection and Validation
Investigating Threats
Responding to Threats with
A Familiar Trio of Industries
Mega Event Spotlight: SonicWall
Conclusion

Foreword

CYBERSECURITY IS A WHIRLWIND OF CONSTANT CHANGE. Practitioners understand that no two days are the same, and each brings new insights and lessons. It’s also true for us at Arctic Wolf, but on an exponential level: the scale at which we operate and the vast amount of security

Entering the third year of the Arctic Wolf Security Operations Report, our annual review highlights that cyberthreats are not just persistent, they are steadily getting worse. Despite record-breaking budgets and continued

This concern is echoed in the FBI’s 2024 Internet Crime Report, which reveals a staggering 28% increase in reported losses year-over-year, reaching $16 billion (USD), up from $12.5 billion the year prior.

This evolution that we are prepared to face the next

This year’s report shows how these threats also continue to evolve in both scale and sophistication. Adversaries are taking advantage of “off-business hours” to launch attacks, as 51% of all alerts are now generated outside of traditional working hours, underscoring how non-negotiable 24x7 monitoring is. To combat this, many hope for a solution through increased investments in technology. As a result, we are

Our analysis suggests that the gap between effort and effectiveness is driven by compounding operational failures, which history has proven cannot be solved with more money and tools. Instead, we must address the core factors driving this “effectiveness gap,” including a focus on security checklists over security

Identifying the problem is only the first step.
That is why this has been a year of evolution for Arctic Wolf. Our introduction of Alpha AI, Arctic Wolf’s suite of unique, cutting-edge machine learning and artificial intelligence technologies, is designed to improve security operations efficacy by increasing speed, accuracy, and efficiency. This is supported by

Ultimately, this report offers more than reflection — it is a roadmap. Whether you are a security leader, practitioner, or executive, our goal is to help you better understand the evolving threat landscape, benchmark your operations, and make informed

LISA TETRAULT
Senior Vice President, Security Services,

Key Takeaways

Here are some of the top takeaways included and explained within this report.

24x7 MONITORING IS NOT OPTIONAL
51% of alerts are generated outside of traditional business hours, and nearly one-sixth of each week’s

THREAT SIGNALS ARE BURIED IN MOUNTAINS
330 TRILLION
From 330 trillion raw observations, Arctic Wolf generated one alert for every 138 million. This staggering ratio highlights the difficulty of spotting real threats hidden within vast volumes of benign activity.

AI SUPERCHARGES HUMANS — IT DOESN’T REPLACE THEM
860,000+

NOT EVERY ALERT IS A THREAT
71% of all ingested alerts are suppressed by applying customer context and threat intelligence to identify expected or benign activity.

Education, healthcare, and manufacturing top the charts for attack volume. Shared traits: outdated infrastructure, high-value data, and low tolerance for downtime.

PREVENTION TECH WORKS —
Aurora™ Endpoint Defense prevented 84,000+ unique threats from executing within customer environments in just the first three months of its launch.

Our mean time to ticket (MTTT) is 7 minutes and 5 seconds, a 37% decrease from 11 minutes and 19 seconds two years ago, enabling faster threat validation and response.
EARLY DETECTION IS KEY
Of 9,000+ security investigations, only 2% were confirmed threats. Arctic Wolf’s SOC excels at early detection — most investigations relate to initial access attempts, with very few escalating to

VISIBILITY IS EVERYTHING
33 BILLION
The average customer generates 33 billion observations annually. Without full-spectrum telemetry,

72% OF ACTIVE RESPONSE ACTIONS WERE
This ratio highlights the critical role of managing compromised credentials to stop threats early and

Data Sources

While portions of this report may cite other Arctic Wolf publications and third-party sources for context or clarity, the majority of facts, figures, and statistics presented here are based upon the nearly 330 trillion analyzed observations made between the period covering May 1, 2024, through

To obtain the full visibility necessary to accurately detect and respond to potential threats, these observations are sourced from a broad range of attack surface telemetry including endpoint,