McAfee, now part of Intel Security, has issued a new report, ‘When Minutes Count’, that assesses organizations’ abilities to detect and deflect targeted attacks, reveals the top eight most critical indicators of attack, and examines best practices for proactive incident response. The report illustrates how much more effective enterprises are when they perform real-time, multi-variable analysis of subtle attack activity and factor time and threat intelligence into risk scoring and incident response priorities.
A survey commissioned by Intel Security and conducted by Evalueserve in conjunction with the report suggests that a majority of companies lack confidence in their ability to detect targeted attacks in a timely manner. Even companies best prepared to handle targeted attacks are taking the time to investigate high volumes of events, contributing to a sense of urgency and organizational focus on creative approaches to earlier detection and more effective mitigation.
Key findings include:
• 74% of respondents indicated that targeted attacks are a primary concern for their organizations.
• 58% of organizations investigated 10 or more attacks last year.
• Only 24% of companies are confident in their ability to detect an attack within minutes, and just under half said it would take days, weeks, or even months before they noticed suspicious behavior.
• 78% of those able to detect attacks in minutes had a proactive, real-time Security Information and Event Management (SIEM) system.
• Half of the companies surveyed indicated that they have adequate tools and technologies to deliver faster incident response, but often critical indicators are not isolated from the mass of alerts generated, placing a burden on IT teams to sift through threat data.
“We noticed a workstation making odd authentication requests to the domain controller at two o’clock in the morning. That could be normal activity, but it could also be a sign of something malicious,” said Lance Wright, Senior Manager of Information Security and Compliance at Volusion, a commerce solutions provider contributing to the report. “After that incident we set up a rule to alert us if any workstation has more than five authentication requests during non-business hours to help us identify the attack early, before any data is compromised.”
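The after-hours rule Wright describes, sketched as an added example (not code from the report or from Volusion). The business-hours window (08:00-18:00, Monday to Friday), the per-night counting window, the log layout and the host names are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, time, timedelta

BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)  # assumed window, Mon-Fri
THRESHOLD = 5  # from the quote: "more than five authentication requests"

def is_off_hours(ts):
    """True on weekends or outside the assumed business window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)

def period_key(ts):
    """Assumed counting window: an overnight period is keyed by the date it
    started, so 02:00 on Wednesday counts toward Tuesday night."""
    return (ts - timedelta(hours=BUSINESS_START.hour)).date()

def parse(line):
    """Parse 'ISO-timestamp workstation domain-controller' (assumed layout)."""
    stamp, host, dc = line.split()
    return datetime.fromisoformat(stamp), host, dc

def detect(lines):
    """Return sorted (workstation, period_date, count) for hosts over threshold."""
    counts = Counter()
    for line in lines:
        if not line.strip():
            continue
        ts, host, _dc = parse(line)
        if is_off_hours(ts):
            counts[(host, period_key(ts))] += 1
    return sorted((h, d.isoformat(), n) for (h, d), n in counts.items() if n > THRESHOLD)

def burst(host, start, n, step_s=20):
    """Build n constructed log lines for one host, step_s seconds apart."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i * step_s)).isoformat()} {host} DC01" for i in range(n)]

# Constructed sample events (not from the report). 2024-03-05 is a Tuesday.
SAMPLE = (
    burst("WS-022", "2024-03-05T14:00:00", 7)    # busy, but inside business hours
    + burst("WS-114", "2024-03-05T23:59:30", 2)  # Tuesday night, before midnight
    + burst("WS-114", "2024-03-06T02:00:00", 4)  # same night, after midnight
    + burst("WS-031", "2024-03-06T02:30:00", 5)  # exactly five: not "more than five"
)

if __name__ == "__main__":
    for host, night, n in detect(SAMPLE):
        print(f"ALERT {host}: {n} off-hours auth requests, night of {night}")
```

Keying the count by the night it belongs to, rather than by calendar date, keeps a burst that straddles midnight from being split into two sub-threshold halves.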