Stop searching for the needle in the cyber haystack with a new 'detect and mitigate' mindset
Large companies are wasting thousands of man hours - and many thousands of pounds - chasing false alarms while the real threats slip by unnoticed, research has shown.
This somewhat unnerving reality was highlighted in the State of Infections report published by our partner Damballa, which protects over 400 million devices worldwide with its detection focused cyber security technology.
The findings also reinforce the evolving view in the security industry that detection and mitigation, and not prevention, is the future for the mostand comprehensive cyber protection.
New detect and mitigate mindset is evolving in cybersecurity
This new approach is, fundamentally, a change of emphasis.
Whereas prevention looks out onto the known threat landscape, detection tools look inwards (onto devices, networks and systems) to monitor for unusual or unexpected activity, providing actionable intelligence of danger rather than just more alerts.
A recent report from the Ponemon Institute revealed that organisations can spend 395 man hours a week – which equates to £860,000 a year – chasing false positives and false negatives.
This is a massive waste of time (and money) and it poses a threat to information security too.
While security teams are caught up working on activity which poses no threat to their data security, they are also distracted from dealing with threats that can lead to a systems or data compromise, and advanced threats are slipping through the net and lingering undetected
Proving the point, Damballa ran a 10-month comparison experiment where it monitored the success of the four most commonly used anti-virus (AV) tools and discovered they missed almost 70% of malware on the first scan - and took six months to identify every single one as malicious threat.
The report said: "In a real world environment, a file would only be scanned once by AV. If the average security team receives 17,000 weekly alerts, or 2,430 a day, AV products will have missed 796 malicious files on day one...the longer an infection dwells before discovery and remediation, the odds of data exfiltration increases.
"While large enterprises obviously deploy many layers of prevention besides AV, any technology designed to prevent infections based on one technique and/or prior knowledge of the threat will not suffice.
"That includes signature and reputation-based products as well as those using a single method to analyse traffic or payload, like sandboxes. If a product ultimately relies on seeing the inbound malware file first, it will miss the forest for the trees."
Prevention still has a part to play in every IT and cyber security strategy, says the report.
But it can’t - and doesn’t - stop every threat; as the Damballa research and each high profile hack continue to prove.
Want to find out more?
For more information and advice on recommended approaches and technologies that can help, call us on 01296 621121 or email our advisors on firstname.lastname@example.org or contact us here