Awareness Awakening: Firms Assume Compromise

Tuesday, February 25, 2014 @ 04:02 PM gHale

Security awareness continues its upward rise, as a majority of organizations now operate under the assumption their network already suffered a compromise, or will soon suffer an attack, a new survey found.

The limitations of perimeter security leave endpoints and critical servers vulnerable, according to a survey by the SANS Institute on behalf of Guidance Software. With a slew of high-profile breaches in 2013 occurring on endpoints, interest in improving endpoint security is top-of-mind.


In the first-ever SANS Endpoint Security Survey, SANS surveyed 948 IT Security professionals in the United States to determine how they monitor, assess, protect and investigate their endpoints, including servers.

The largest group of respondents encompassed security administrators and security analysts. More than one-third of those respondents (34 percent) work in IT management (e.g., CIO or related duties) or security management (e.g., CISO or similar responsibilities).

The survey results found more attacks are bypassing perimeter security, even though respondents do not consider the attacks sophisticated.

Key findings from the survey include:
• Prevention: 47 percent of respondents are operating under the assumption they’ve suffered a compromise, with another 5 percent saying they operate under the assumption that, if they have not already suffered a compromise, they eventually will.
• Detection: Although 70 percent are collecting data from endpoints, only 16 percent find more than half of their threats through active discovery or hunting.
• Response: Delays to breach response times are clearly unacceptable, as 83 percent of the respondents said they needed results from endpoint queries in an hour or less. More than 26 percent indicated they wanted the data in five minutes or less, underscoring the importance of conducting timely digital investigations.
• Remediation: 77 percent rely on slow and expensive “wiping and reimaging.” Furthermore, 54 percent of the respondents have automated less than 10 percent of their workflow to manage the remediation process. Recognizing this issue, over 60 percent of those who have not yet automated indicate they plan to do so in the next 24 months.

“The survey results demonstrate clearly that organizations are failing to close the loop between their network and endpoint protections and intelligence,” said Deb Radcliff, executive editor of the SANS Analyst Program, which produced the report. “Further, they’re using mostly manual processes to uncover compromises and assess impact, both of which are costly in terms of IT manpower and loss of productivity while critical servers and end-user machines are returned to a trusted state.”
