DirectDefense
Cybersecurity reports and statistics published by DirectDefense
8 categories, 1 report
Research Reports
Reports and publications from DirectDefense
Recent Statistics & Reports
The average time from initial access to domain control has shrunk to under two hours.
4/15/2025
Initial access, Domain control
For Execution, the most observed technique by DirectDefense is Malicious File Execution, tricking users into running malware via phishing and social engineering. Alerts triggered for Execution include: Malicious File Detected.
4/15/2025
MITRE ATT&CK, Execution, Malicious file execution
For Initial Access, the most observed technique by DirectDefense is Valid Accounts, which involves leveraging stolen credentials for unauthorized access. Alerts triggered for Initial Access include: First Ingress Authentication from Country, Multiple Country Ingress Authentications, Multiple Wireless Country Authentications.
4/15/2025
MITRE ATT&CK, Initial access, Valid accounts
For Credential Access, the most observed technique by DirectDefense is Brute Force, automated attacks on authentication systems. Alerts triggered for Credential Access include: Account Lockout Events.
4/15/2025
MITRE ATT&CK, Credential access, Brute force
Ransomware deployment occurs in as little as six hours.
4/15/2025
Ransomware
DirectDefense mapped alerts to the MITRE ATT&CK® framework to identify the top five tactics. The top five tactics identified are: Initial Access, Persistence, Lateral Movement, Execution, and Credential Access.
4/15/2025
MITRE ATT&CK, Initial access, Persistence
For Persistence, the most observed technique by DirectDefense is MFA Interception, where attackers manipulate MFA settings to maintain access. Alerts triggered for Persistence include: New MFA Authenticator App Added, Account Manipulation.
4/15/2025
MITRE ATT&CK, Persistence, MFA
For Lateral Movement, the most observed technique by DirectDefense is Valid Accounts, using stolen credentials to escalate privileges. Alerts triggered for Lateral Movement include: Lateral Movement – Local Credentials.
4/15/2025
MITRE ATT&CK, Lateral movement, Valid accounts