According to findings in Damballa’s Q1 2014 State of Infections Report, the average enterprise generates as many as 10,000 security events per day, many of which require manual analysis to determine whether they are early indicators of a system compromise.
“Such figures illustrate how daunting it is for security staff to manually trawl through mountains of alerts in order to discover which (if any) constitute a real and present threat,” the company stated regarding the research.
“It also sheds light on why recent high-profile attacks at organizations like Target were undetected for so long, since alerts don’t equal infections. The only way to determine if a device is infected is to correlate logged activity, which takes far too much time and man hours.”
Key findings include:
- An average company’s network is generating an aggregate average of 10,000 security events per day
- The most active companies are generating around 150,000 events per day
- Large enterprises are leaking an aggregate average of more than 10GB of data per day
- Advanced techniques such as Domain Generation Algorithms (DGA) generate vast quantities of random domain names and delay identification of actual infections
- Large enterprises are averaging 97 active infected devices each day
- Reducing the time-to-discovery from 90 days (the Ponemon Institute average) to 1 day across those 97 infected devices would save 89 man-days per device, or 8,633 man-days (23.65 years) per enterprise
“We are already facing a profound scarcity of skilled security professionals, which the latest Frost & Sullivan figures estimate will equate to a 47% shortfall by 2017. If we compound this fact with the increase in data breaches and the scope of work required to identify a genuine infection from the deluge of security events hitting businesses every day, we can see why security staff are struggling to cope,” said Brian Foster, CTO of Damballa.
“Automated incident detection is an important part of the solution to free valuable security staff from the labor-intensive task of sifting through false positives, to focus on the more important issues of speedy remediation and threat mitigation.”