Current network defenses are like the Maginot Line, analysts find.
A security study drawing data from more than 1,600 networks over a six-month period found that 97 percent of the networks experienced some form of breach—despite the use of multiple layers of network and computer security software. The study, performed by analysts from security appliance vendor FireEye and its security consulting wing Mandiant, compared current network defenses to the Maginot Line, the infamous French fortress chain that the Germans bypassed during their May 1940 invasion.
The data collected from network and e-mail monitoring appliances from October 2013 to March 2014 also showed that three-quarters of the networks had command-and-control traffic indicating the presence of active security breaches connected to over 35,000 unique command-and-control servers. Higher-education networks were the biggest source of botnet traffic.
FireEye and Mandiant analyzed real-time data from 1,614 FireEye appliances that had been placed on networks as part of “proof of value” trials; the devices provided monitoring. Each of the networks already had a “defense in depth” architecture, combining firewalls, intrusion detection and prevention systems, and antivirus software. Despite that, the appliances detected over 208,000 malware downloads across the monitored networks, of which 124,000 were unique malware variants.
On average, each network was subjected to 1.6 exploits and 122 malware droppers during the six-month period. FireEye and Mandiant analysts also reported that 27 percent of the monitored organizations in the study “experienced events known to be consistent with tools and tactics used by advanced persistent threat (APT) actors”—inferring that they were being attacked by either state-sponsored organizations or sophisticated criminal networks.
The data collected from network and e-mail monitoring appliances from October 2013 to March 2014 also showed that three-quarters of the networks had command-and-control traffic indicating the presence of active security breaches connected to over 35,000 unique command-and-control servers. Higher-education networks were the biggest source of botnet traffic.
FireEye and Mandiant analyzed real-time data from 1,614 FireEye appliances that had been placed on networks as part of “proof of value” trials; the devices provided monitoring. Each of the networks already had a “defense in depth” architecture, combining firewalls, intrusion detection and prevention systems, and antivirus software. Despite that, the appliances detected over 208,000 malware downloads across the monitored networks, of which 124,000 were unique malware variants.
On average, each network was subjected to 1.6 exploits and 122 malware droppers during the six-month period. FireEye and Mandiant analysts also reported that 27 percent of the monitored organizations in the study “experienced events known to be consistent with tools and tactics used by advanced persistent threat (APT) actors”—inferring that they were being attacked by either state-sponsored organizations or sophisticated criminal networks.
Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.http://arstechnica.com/security/2014/05/study-97-of-companies-using-network-defenses-get-hacked-anyway/?utm_content=5453676&utm_medium=social&utm_source=twitter
No comments:
Post a Comment