State of Infections Report: Organizations Overwhelmed with Alerts; Automating Detection & Response is Critical

May 14, 2014

Damballa has released its inaugural Q1 2014 “State of Infections” report, which investigates the state of the enterprise under attack. It provides context on the behavior of a new generation of threat operators, statistics on the level of infections seen in a typical enterprise, and the steps businesses should take to better prepare themselves. In North America, Damballa sees nearly 50% of all Internet traffic and 33% of mobile traffic. The report is based on Damballa Labs’ direct observation of more than 400 million top-level Internet domains and over 146 million second-level domains. It details some of the latest sophisticated tactics, such as Domain Generating Algorithms, that threat operators are using to quietly gain access to, and potentially exfiltrate, sensitive corporate and customer data.

Crucially, we highlighted actual infections: not malware alerts, but confirmed infections where real damage is done. The infected devices are actually uploading an aggregate average of more than 10GB daily – yes, that’s 10GB of potential data exfiltration DAILY.

And here’s what we found within the typical enterprise:

- The devices within an average customer’s network generate an aggregate average of more than 10,000 events daily that may be associated with malware behavior. The quietest customers average fewer than 5 events daily, and the most active more than 150,000. It’s no wonder teams like those at Target can’t get to every noisy alert. Security teams must automate infection ‘hunting’ and prioritize their response; otherwise they will spend all day chasing their tails.

- Large, globally dispersed enterprises average 97 active infected devices each day. As mentioned above, these infected devices are uploading an aggregate average of more than 10GB daily – 10GB of potential data exfiltration DAILY.

The challenge is in finding these ‘needle in the haystack’ true infections – the ones currently doing damage to your business. Bystanders may think it’s outrageous that a breach could go undetected for months. But the people engaged in daily hand-to-hand combat know that an alert doesn’t equal an infection, and that finding the truly infected devices that are most likely to cause harm is an ongoing challenge. There aren’t enough trained security professionals in the world to solve the problem manually. The ability to automatically identify, prioritize and remediate those truly infected assets is critical to today’s enterprise.