“Consider the risk associated with that number of infections potentially dwelling undetected inside the network.”

As Damballa CTO Brian Foster explains, the ‘dwell time’ until hundreds of harmful files are identified and addressed could have serious consequences for any enterprise. “If it took you six months to get detected, that’s six months when that hacker has had access to one of your systems,” said Foster.

The study analyzed tens of thousands of files submitted by companies for review using the four most commonly deployed AV products, although the names of these specific products were not disclosed.

Daniel Schneersohn, APAC VP at Damballa, acknowledges the challenge that IT security teams face in identifying “the needle in the haystack” among the overwhelming number of alerts. “In the case of Target, for more than three months, they had several systems that were warning them of the infection, but it is just part of the hundreds of alerts the same system was sending them; all of the other ones were false positives,” said Schneersohn.

With an infinite amount of malware code at attackers’ disposal and only a finite number of skilled security staff on deck, it’s critical that security professionals implement a “forward-thinking breach readiness strategy,” concludes the report.

“Enterprises should prevent what they can, and there are millions of known threats that can be identified with AV,” said Foster. “But the real threat lies in what AV can’t identify.”