Q4 2014 State of Infections Report Highlights Limits Of Prevention-Centric Security Programs

By Muhammad Malik
Chief Editor, Information Security Buzz | Feb 11, 2015 05:04 pm PST

ATLANTA – February 12, 2015 – Damballa, the experts in advanced threat protection and containment, today released its Q4 2014 State of Infections Report, highlighting the limitations of a prevention-centric approach to security. In an analysis of tens of thousands of malicious files, Damballa discovered that it can take more than six months for traditional AV tools to create signatures for 100% of the files. With ‘time to breach’ a critical component of damage control in today’s threat environment, the analysis further underlines the importance of adopting a proactive stance on threat detection.

Key Findings

Infection Dwell Time:  A byproduct of failed prevention

Based on a comparison study in which thousands of enterprise files were reviewed, Damballa discovered that, within the first hour of submission, AV products missed nearly 70% of malware. When the files were rescanned later to check for new signatures, only two in three (66%) were identified after 24 hours, and after seven days the total was 72%. It took more than six months for AV products to create signatures for 100% of the malicious files. The longer an infection dwells before discovery and remediation, the greater the odds of data exfiltration.

The significance of this is the impact it has on containment and on labor-intensive detection processes. This was underscored by the recent findings of a Ponemon Institute report,* which revealed that an average enterprise security team receives 17,000 weekly alerts, or 2,340 daily. At the 24-hour detection rate above, AV products would have missed 796 malicious files on Day One, which suggests a sizeable risk associated with that number of infections potentially dwelling inside the network.

With skilled security manpower in limited supply,** the report also highlights the importance of automating manual processes and decreasing the ‘noise’ from false positives, rather than trawling through uncorroborated alerts to find the true infections.

In order to reduce manual effort, Damballa advises that security teams must have:

1. High-fidelity, automatic detection of actual infections to reach a statistical threshold of confidence in a true positive infection

2. Integration between detection and response systems

3. Policies that enable automated response based on a degree of confidence
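The three recommendations above describe a pipeline: corroborate evidence into a confidence level, connect that verdict to response tooling, and let policy decide how much confidence justifies automatic action. The following is an added illustration of that pattern, not code from the report or from Damballa's product. The evidence types, their weights, the confidence bands and the sample alerts are all constructed assumptions; the combination rule (noisy-OR over distinct evidence types, so repeats of the same low-value signal do not stack) is one reasonable choice, not the vendor's method.

```python
"""Confidence-based alert triage: corroborate per-host evidence, then apply
an automated-response policy. Added example with constructed data; weights,
thresholds and evidence names are assumptions, not Damballa's logic."""
from collections import defaultdict

# Assumed weight of each evidence type toward an "actual infection" verdict.
EVIDENCE_WEIGHTS = {
    "c2_beacon": 0.5,            # periodic callbacks to a suspected C2 host
    "dga_lookup": 0.4,           # queries for algorithmically generated domains
    "av_signature_hit": 0.4,     # a signature finally matched the file
    "suspicious_download": 0.2,  # weak on its own; common false positive
}

# Assumed policy: minimum confidence -> response action, highest band first.
POLICY = [
    (0.80, "auto_contain"),    # isolate the host and open a ticket automatically
    (0.50, "analyst_review"),  # corroborated but not certain: queue for a human
    (0.00, "suppress"),        # a lone low-weight signal is noise, not an alert
]


def host_confidence(events):
    """Combine the distinct evidence types seen on one host.

    Noisy-OR: the host is "clean" only if every independent signal is a
    false positive, so P(infected) = 1 - prod(1 - w_i). Each evidence type
    counts once, so 50 repeated download alerts stay at the single-signal
    score instead of inflating confidence.
    """
    seen = {e["type"] for e in events}
    p_clean = 1.0
    for evidence_type in seen:
        p_clean *= 1.0 - EVIDENCE_WEIGHTS.get(evidence_type, 0.0)
    return round(1.0 - p_clean, 3)


def decide(confidence):
    """Map a confidence score to the action the policy allows."""
    for threshold, action in POLICY:
        if confidence >= threshold:
            return action
    return "suppress"


def triage(alerts):
    """Group raw alerts by host and return {host: (confidence, action)}."""
    by_host = defaultdict(list)
    for alert in alerts:
        by_host[alert["host"]].append(alert)
    return {
        host: (host_confidence(events), decide(host_confidence(events)))
        for host, events in by_host.items()
    }


# Constructed sample alert stream (hostnames and types are made up).
SAMPLE_ALERTS = [
    {"host": "ws-101", "type": "c2_beacon"},
    {"host": "ws-101", "type": "dga_lookup"},
    {"host": "ws-101", "type": "av_signature_hit"},
    {"host": "ws-202", "type": "suspicious_download"},
    {"host": "ws-202", "type": "suspicious_download"},
    {"host": "ws-202", "type": "suspicious_download"},
    {"host": "ws-303", "type": "av_signature_hit"},
    {"host": "ws-303", "type": "suspicious_download"},
]

if __name__ == "__main__":
    for host, (score, action) in sorted(triage(SAMPLE_ALERTS).items()):
        print(f"{host}: confidence={score:.2f} action={action}")
```

Run as written, the host with three independent signals crosses the auto-contain band, the host that merely downloaded three files stays suppressed despite generating the most raw alerts, and the host with a signature hit plus one weak signal lands in the analyst queue. The point of the design is that the thresholds, not the analyst, decide where automation stops, which is what the third recommendation asks for.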

Brian Foster, Damballa CTO, comments, “What’s clear from these figures is that we have to turn the table on infection ‘dwell’ time. In much the same way that a flu vaccine hinges on making ‘best-guess’ decisions about the most prevalent virus strains – AV is only effective for some of the people some of the time. Viruses morph and mutate and new ones can appear in the time it takes to address the most commonly found malware.”

“Dependence on prevention tools simply isn’t enough in this new age of advanced malware infections; attackers can morph malware code on a whim, yet organizations have a finite number of staff to deal with the barrage of noise generated from security alerts. We urge taking a fresh ‘breach-readiness’ approach, which reduces dependence on people and legacy prevention tools.”

The Full State of Infections Report can be downloaded at http://www.damballa.com/state-infections-report-q4-2014/

About Damballa

As the experts in advanced threat protection and containment, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry’s broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world’s largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.

*Ponemon: The Cost of Malware Containment. January 2015.

** ISACA: 2015 Global Cybersecurity Status Report: 86% of respondents said there is a global shortage of skilled cybersecurity professionals.
