Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

6/24/2013
10:17 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

McAfee Report Reveals Businesses Failing To Harness Big Security Data To Protect Against Threats

Only 35 percent of businesses say they can actually detect security breaches within minutes

SANTA CLARA, Calif., – June 17, 2013 – McAfee today released a study revealing how organizations around the world are unable to harness the power of Big Data for security purposes. According to the report 'Needle in a Datastack', businesses are vulnerable to security breaches due to their inability to properly analyze or store big data.

The ability to detect data breaches within minutes is critical in preventing data loss, yet only 35% of firms stated that they have the ability to do this. In fact, more than a fifth (22 percent) said they would need a day to identify a breach, and five percent said this process would take up to a week. On average, organizations reported that it takes 10 hours for a security breach to be recognized.

"If you're in a fight, you need to know that while it's happening, not after the fact," said Mike Fey, executive vice president and worldwide Chief Technology Officer. "This study has shown what we've long suspected -- that far too few organizations have real-time access to the simple question 'am I being breached?' Only by knowing this, can you stop it from happening."

Misplaced security confidence putting organizations at risk

Nearly three quarters (73 percent) of respondents claimed they can assess their security status in real-time and they also responded with confidence in their ability to identify in real-time insider threat detection (74 percent), perimeter threats (78 percent), zero day malware (72 percent) and compliance controls (80 percent). However, of the 58% of organizations that said they had suffered a security breach in the last year, just a quarter (24 percent) had recognised it within minutes. In addition, when it came to actually finding the source of the breach, only 14% could do so in minutes, while 33% said it took a day and 16% said a week.

This false confidence highlights a disconnect between the IT department and security professionals within organizations, which is further highlighted when the Needle in a Datastack findings are compared with the with a recent Data Breach Investigations report of security incidents. The study of 855 incidents showed that 63% took weeks or months to be discovered. The data was taken from these organizations within seconds or minutes in almost half (46 percent) of the cases.

Organizations increasingly exposed to Advanced Persistent Threats

Needle in a Datastack found that on average that organizations are storing approximately 11-15 terabytes of security data a week, a figure that Gartner Group predicts will double annually through 2016. To put that in perspective, 10 terabytes is the equivalent of the printed collection of the Library of Congress. Despite storing such large volumes of data, 58% of firms admitted to only holding on to it for less than three months, thereby negating many of the advantages of storing it in the first place.

According to the McAfee Threats Report: Fourth Quarter 2012, the appearance of new advanced persistent threats (APTs) accelerated in the second half of 2012. This type of threat can lay dormant within a network for months or even years, with numerous recent high profile examples including attacks on major U.S. newspapers. Long term retention and analysis of security data to reveal patterns, trends and correlations is crucial if organizations are to spot and deal quickly with these APTs.

Realizing the Value of Big Security Data

To achieve real-time threat intelligence in an age where the volume, velocity and variety of information have pushed legacy systems to their limit, businesses must embrace the analysis, storage and management of big security data. These ever-growing volumes of events, as well as asset, threat, user and other relevant data have created a big data challenge for security teams. To overcome this challenge, successful organizations have moved from traditional data management architectures to systems that are purpose-built to handle security data management in the age of APTs.

With this need to identify complex attacks, organizations should go beyond pattern matching to achieve true risk-based analysis and modeling. Ideally, this approach should be backed by a data management system able to create complex real-time analytics. In addition to the ability to spot threats in real-time, organizations should have the ability to identify potentially sinister long-term trends and patterns. Beyond just finding a 'needle in a datastack', organizations should move to a longer time horizon with risk-based context to find the right needle, so they can proactively deal with today's threats.

Notes to editors

The study, conducted by research firm Vanson Bourne, interviewed 500 senior IT decision makers in January 2013, including 200 in the USA and 100 each in the UK, Germany and Australia.

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), empowers businesses, the public sector, and home users to safely experience the benefits of the Internet. The company delivers proactive and proven security solutions and services for systems, networks, and mobile devices around the world. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence network, McAfee is relentlessly focused on keeping its customers safe. http://www.mcafee.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.