Damballa Q1 2014 Report Shows Average Enterprise Generates 10,000 Security Events Daily

Security Professionals Face Potential Avalanche of Anomalous Traffic Unleashed by Hackers to Mask Targeted Attacks

ATLANTA -- Damballa, the experts in advanced threat protection and containment, today released its Q1 2014 State of Infections Report, highlighting the impossible task confronting security staff tasked with manually analyzing huge volumes of security events. The report was compiled from analysis of 50% of North American ISP Internet traffic and 33% of mobile traffic, plus large volumes of traffic from global ISPs and enterprise customers. Its findings revealed that the devices in an average company's network generate an aggregate average of 10,000 security events per day, with the most active networks generating around 150,000 events per day. The report also found that large, globally dispersed enterprises averaged 97 active infected devices each day and leaked an aggregate average of more than 10GB of data per day.

Such figures illustrate how daunting it is for security staff to manually trawl through mountains of alerts in order to discover which (if any) constitute a real and present threat. They also shed light on why recent high-profile attacks at organizations like Target went undetected for so long: alerts do not equal infections. The only way to determine whether a device is infected is to correlate its logged activity, which takes far too much time and far too many man-hours to do by hand at this volume.

Advanced techniques such as Domain Generation Algorithms (DGAs), which threat actors use to generate vast quantities of pseudo-random candidate domain names for command-and-control, can evade prevention controls and delay identification of actual infections. Most of the generated names never resolve, so these techniques force security teams to wade through thousands of anomalous domain lookups in order to find the one domain and IP address that actually carries the real payload. In a test conducted by Damballa Labs, in which 'dirty' network traffic was replayed past more than 1,200 simulated endpoints, 538 pieces of evidence were collected and correlated for each actual infection, which is nearly impossible to do manually.
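As an added illustration of the correlation problem described above (example code written for this page, not Damballa's product logic and not any real malware family's algorithm): a constructed hash-based DGA produces the day's candidate list, a constructed resolver log shows one infected host trying all 40 names with only one resolving, and a correlator flags hosts by NXDOMAIN burst and then isolates the resolving domain and its answer. The host addresses, the 203.0.113.5 answer, the seed, the benign domains and the threshold of 20 failed lookups per host are all assumed values.

```python
"""Constructed example: a toy DGA and a DNS-log correlator that finds the
one generated domain that actually resolves. Not Damballa's logic and not
any real malware family's algorithm; all hosts, IPs and seeds are invented."""
import hashlib
from collections import defaultdict
from datetime import date

NXDOMAIN_THRESHOLD = 20  # assumed: failed lookups per host that count as a burst


def toy_dga(seed: str, day: date, count: int, tld: str = ".com") -> list[str]:
    """Derive `count` candidate domains from a seed and the date (constructed DGA)."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}:{day.isoformat()}:{i}".encode()).hexdigest()
        # map 12 hex digits to lowercase letters to get a DGA-looking label
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:12])
        domains.append(label + tld)
    return domains


SAMPLE_DGA = toy_dga("sample-seed", date(2014, 3, 1), 40)
LIVE_DOMAIN = SAMPLE_DGA[17]  # the one name the (assumed) C2 operator registered


def build_sample_log() -> list[str]:
    """Constructed resolver log, one 'host qname rcode answer' record per line."""
    lines = []
    for d in SAMPLE_DGA:  # the infected host walks the day's candidate list
        if d == LIVE_DOMAIN:
            lines.append(f"10.0.0.7 {d} NOERROR 203.0.113.5")
        else:
            lines.append(f"10.0.0.7 {d} NXDOMAIN -")
    for host in ("10.0.0.7", "10.0.0.8"):  # ordinary traffic from both hosts
        lines.append(f"{host} www.example.com NOERROR 93.184.216.34")
        lines.append(f"{host} mail.example.org NOERROR 198.51.100.10")
    lines.append("10.0.0.8 wwww.example.com NXDOMAIN -")  # a clean host's typo
    return lines


SAMPLE_LOG = build_sample_log()


def parse_log(lines: list[str]) -> list[dict]:
    """Split each constructed log line into its four named fields."""
    fields = ("host", "qname", "rcode", "answer")
    return [dict(zip(fields, line.split())) for line in lines]


def correlate(records: list[dict], threshold: int = NXDOMAIN_THRESHOLD) -> dict:
    """Flag hosts in an NXDOMAIN burst, then isolate the names that resolved
    for them but for no unflagged host: those are the live C2 candidates."""
    by_host = defaultdict(list)
    for r in records:
        by_host[r["host"]].append(r)
    flagged = {h for h, rs in by_host.items()
               if sum(r["rcode"] == "NXDOMAIN" for r in rs) >= threshold}
    # names that resolve for hosts outside any burst are treated as benign
    benign = {r["qname"] for h, rs in by_host.items() if h not in flagged
              for r in rs if r["rcode"] == "NOERROR"}
    findings = {}
    for h in flagged:
        rs = by_host[h]
        findings[h] = {
            "nxdomain": sum(r["rcode"] == "NXDOMAIN" for r in rs),
            "live": [(r["qname"], r["answer"]) for r in rs
                     if r["rcode"] == "NOERROR" and r["qname"] not in benign],
            "evidence": len(rs),  # records an analyst would have to correlate
        }
    return findings


if __name__ == "__main__":
    for host, f in correlate(parse_log(SAMPLE_LOG)).items():
        print(host, f["nxdomain"], "NXDOMAIN,", f["evidence"], "records, live:", f["live"])
```

The burst threshold is what turns 42 individual records for one host into a single finding; a per-alert view would show 39 failed lookups and three successful ones, with nothing to say which successful lookup matters. Excluding names that also resolve for hosts outside a burst is a simple way to keep ordinary traffic from the infected host out of the candidate list.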

According to Brian Foster, CTO of Damballa, "We are already facing a profound scarcity of skilled security professionals, which the latest Frost & Sullivan figures estimate will equate to a 47% shortfall by 2017. If we compound this fact with the increase in data breaches and the scope of work required to identify a genuine infection from the deluge of security events hitting businesses every day, we can see why security staff are struggling to cope. Automated incident detection is an important part of the solution to free valuable security staff from the labor-intensive task of sifting through false positives, to focus on the more important issues of speedy remediation and threat mitigation."

As previously stated, the enterprises studied averaged 97 infections daily, so reducing the time it takes to find those infected devices matters. The Ponemon Institute reports that it takes companies an average of nearly three months (90 days) to discover a malicious breach and four months or longer to resolve it.

Reducing time-to-discovery from 90 days to 1 day across those 97 infected devices would save 89 man-days per device, or 8,633 man-days (23.65 years) per enterprise, counting each day of reduced dwell time as a man-day. Beyond the time saved, it significantly shrinks the window during which the enterprise is exposed to that particular attack.

The full Q1 State of Infections Report can be downloaded at http://landing.damballa.com/2014-State-of-Infections.html.

About Damballa

As the experts in advanced threat protection and containment, Damballa discovers active threats that bypass all security prevention layers. Damballa identifies evidence of malicious network traffic in real time, rapidly pinpointing the compromised devices that represent the highest risk to a business. Our patented solutions leverage Big Data from the industry's broadest data set of consumer and enterprise network traffic, combined with machine learning, to automatically discover and terminate criminal activity, stopping data theft, minimizing business disruption, and reducing the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world's largest ISP and telecommunications providers. For more information, visit www.damballa.com, or follow us on Twitter @DamballaInc.

Contacts

ZAG Communications
Kari Walker, 703-928-9996
Damballa@zagcommunications.com
or
Eclat Marketing
James Stockbridge or Piers d’Orgée, 01287 486000
Damballa@eclat.co.uk

Release Summary

Damballa, the experts in advanced threat protection and containment, today released its Q1 2014 State of Infections Report, highlighting the impossible task confronting security staff.