Cisco Cybersecurity Report: A Closer Look and Recommendations
In February Cisco released its 2017 Annual Cybersecurity Report, a comprehensive look at how malware operates and what enterprises are doing to defend themselves. From the long list of data and findings presented, we have pulled out those we think IT teams can use to improve security decisions and effectiveness quickly.
One overall trend we noticed is that attacks are relentless and constantly changing:
- 75% of companies have been victimized by malvertising, which delivers malware through online advertising and is now even harder to detect because of the brokers that sit between advertisers and publishers.
- New malware delivery mechanisms and exploit kits are “more sophisticated and agile.”
- The Time to Evolve, “the time it takes adversaries to change the way specific malware is delivered,” is shrinking: 75–95% of malware evolved in less than 24 hours, depending on the type of attack.
The other theme is that enterprises are not keeping up, in part because of formidable constraints on adopting advanced security solutions needed to detect the latest threats:
- Popular browser-based attacks cannot be detected by signature-based systems.
- The median time to detect a breach is 6 hours (although some take weeks or months to detect), and a lot of data can be lost in 6 hours.
- Only 56% of alerts are investigated, which shows that the availability of data is less of a problem than the capacity to analyze the data already on hand. Of the alerts found to be legitimate, only 46% are remediated.
- Poor compatibility with legacy security solutions makes it hard to implement new technologies.
- Enterprises face inadequate staffing due to lack of trained candidates.
The report goes on to make a strong recommendation for automation, which is needed to make up for the resource gap. To quote the Constraints section of the report:
“The fact that nearly half of alerts go uninvestigated should raise concern. What is in the group of alerts that is not being remediated: Are they low-level threats that might merely spread spam, or could they result in a ransomware attack or cripple a network? To investigate and understand a greater slice of the threat landscape, organizations need to rely on automation as well as properly integrated solutions. Automation can help stretch precious resources and remove the burden of detection and investigation from the security team.”
Can Technology Help?
To address the issues raised in the report, companies need new technologies that:
- Have a high success rate of detecting evasive malware
- Are automated with low false positives to increase productivity of existing staff
- Offer context for each alert to speed investigations and identify specific steps analysts can take to mitigate the risk
- Detect malware before a breach has occurred instead of not finding out until after the data is gone
- Identify evasive malware introduced via web content, email, or file transfers before it can compromise a system, and detect the anomalous activity caused by evasive malware already in your network
- Keep up with and are effective against new attacks and can detect malware quickly, before it evolves, without prior knowledge of the malware
- Augment existing security technologies, increasing their security effectiveness, instead of adding another stand-alone appliance
We encourage enterprises to use this list as a checklist when evaluating new security technologies. Having these capabilities in place will greatly improve their ability to detect constantly evolving attack schemes and prevent the resulting damaging data breaches, and to do so with limited resources.
About Lastline Enterprise
As a reminder, Lastline Enterprise:
- Automatically analyzes all files, regardless of how they arrive, plus network traffic, including web content, email, and file transfers, to detect anomalous patterns and suspicious objects, and provides full context for each alert to speed investigation.
- Analyzes behavior, in files and across networks, to detect all types of malware, including previously unseen variants, before it has the opportunity to inflict damage.
- Includes robust APIs that enable you to quickly integrate with leading security vendors, including endpoint, email, firewall, as well as legacy or proprietary products.
Whitepaper: Read how Lastline Enterprise provides comprehensive protection from advanced malware across the entire enterprise.
By John Love, March 9, 2017