Threat Prevention Systems Not Enough

Friday, April 17, 2015 @ 02:04 PM gHale


With today’s sophisticated attacks hitting the industry, a smart approach to security is more important than ever.

Just when you think you are protected, it turns out you are not. That is because a new study found infected devices behind a company’s protected network can still communicate with the outside without detection. That can occur even with properly configured perimeter defenses, according to the study from Seculert.


The research ran for 90 days and gathered data from 61.9 billion communication streams originating from the North American networks of Fortune 2000 enterprises, where 800,000 Seculert client devices were present.

The study showed compromised devices inside the organizations generated about 3 million communications, and only 87 percent of those were blocked by gateway solutions from different vendors, meaning 13 percent reached their intended destination.

Researchers said each enterprise whose outbound communication was monitored was protected by a secure gateway and/or an advanced firewall solution, as well as IPS (intrusion prevention system) and SIEM (security information and event management) products.

Protection was further strengthened where a fully functioning protection suite was present on the endpoint systems.

Among the gateway solutions observed during the research were products from Blue Coat, Fortinet, McAfee, Palo Alto Networks, Websense, and Zscaler.

As for the SIEM software and services present, these came from HP (ArcSight), IBM (QRadar), Splunk, RSA, TIBCO (LogLogic), LogRhythm, and McAfee.

According to the report, even the gateway that recorded the best results at preventing communication from the infected devices still permitted 15 percent of them to reach the malicious command and control (C&C) server.

Furthermore, three of the gateways allowed more than 90 percent of the devices to perform malicious communication.

The findings showed 2 percent of the devices in the organizations were compromised by malware, and almost 400,000 of the interactions they generated went undetected, delivering different types of data to threat actors.

“These results point to one clear issue: current generation prevention systems, even when they are well run, cannot provide complete protection in the current threat landscape. CISOs need to ‘think different’ about their entire security strategy and begin augmenting their existing perimeter security strategy with a comprehensive post-infection detection solution,” said Dudi Matot, Seculert chief executive.
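The kind of post-infection check the study's numbers point to, written here as an added example and not as Seculert's code or the study's data: it parses constructed egress-gateway log lines, measures how many attempts to reach a constructed list of known C&C destinations each gateway let through, and lists the devices whose traffic got out. The log format, gateway names, hostnames and C&C list are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample egress log (not from the study). Assumed line format:
# "<gateway> <device> <dest_host> <ALLOW|BLOCK>"
SAMPLE_LOG = """\
gwA host-01 cdn.example.net ALLOW
gwA host-02 c2-a.example.invalid BLOCK
gwA host-03 c2-a.example.invalid ALLOW
gwB host-04 c2-b.example.invalid BLOCK
gwB host-04 c2-b.example.invalid BLOCK
gwB host-05 update.example.org ALLOW
gwB host-06 c2-c.example.invalid ALLOW
gwC host-07 c2-a.example.invalid ALLOW
"""
# Constructed list of known C&C destinations (placeholder names, not real IoCs).
KNOWN_C2 = {"c2-a.example.invalid", "c2-b.example.invalid", "c2-c.example.invalid"}

def parse_log(text):
    """Turn raw log lines into (gateway, device, dest, action) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("ALLOW", "BLOCK"):
            continue  # skip blank or malformed lines instead of aborting the report
        records.append(tuple(parts))
    return records

def gateway_leakage(records, c2=KNOWN_C2):
    """Per gateway: {gateway: (c2_attempts, c2_allowed, allowed_pct)}; benign traffic is ignored."""
    counts = defaultdict(lambda: [0, 0])  # [C&C attempts, C&C attempts allowed]
    for gateway, _device, dest, action in records:
        if dest in c2:
            counts[gateway][0] += 1
            if action == "ALLOW":
                counts[gateway][1] += 1
    return {gw: (total, allowed, round(100.0 * allowed / total, 1))
            for gw, (total, allowed) in counts.items()}

def leaked_devices(records, c2=KNOWN_C2):
    """Devices whose C&C traffic was allowed through: the post-infection response list."""
    return sorted({dev for _gw, dev, dest, action in records
                   if dest in c2 and action == "ALLOW"})

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for gw, (total, allowed, pct) in sorted(gateway_leakage(recs).items()):
        print(f"{gw}: {allowed}/{total} C&C attempts allowed ({pct}%)")
    print("devices needing post-infection response:", leaked_devices(recs))
```

The same two functions run unchanged over a real gateway's exported logs once the line format and the C&C list are swapped for the organization's own; the gateway-level percentage is the block-rate figure the study reports, and the device list is the signal a perimeter-only deployment never surfaces.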
