Please Mind the Gap
99 Percent of Enterprise Networks Have a Serious Gap in Their IT Security Defenses
As we begin a new year, it is time to reflect on lessons learned in 2011. And, when it comes to IT security, some of the lessons have been hard ones.
Findings from FireEye’s 1H2011 Advanced Threat Report illuminate the sophistication of the new breed of cyber attacks and the success cyber criminals are having in penetrating today’s corporate networks. According to FireEye Research, there is a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks are easily evading traditional defenses such as firewalls, intrusion prevention systems, antivirus solutions and web/email gateways.
Ninety-nine percent of enterprises have had malicious infections entering the network each week, with 80 percent of the enterprises facing more than a hundred new cases per week. The bottom line: Existing, traditional enterprise IT defenses are not keeping up with highly dynamic, multistage attacks that cyber criminals now use to attack today’s enterprises and federal agencies.
“Back in October, Tom Plombon of FireEye came to Milestone’s training facility in Minneapolis to talk about the malware and cyber threats discovered by the FireEye systems in major corporate networks all over the U.S.,” said Terry Shidla, CISSP, Milestone Systems. “This new report — the first of its kind — compiles and tabulates all that evidence. Anyone involved in IT security should be very concerned.”
Advanced Malware Demands Advanced Defenses
The Advanced Threat Report is based upon FireEye’s Malware Protection Cloud threat data shared by thousands of FireEye appliances and direct malware intelligence uncovered by FireEye’s research team. The report, which covers the first half of calendar year 2011, provides a global view into cyber attacks that routinely bypass traditional defenses.
The report finds that cyber criminals are using highly dynamic malware to circumvent traditional signature-based defenses — with 94 percent of malicious executables and malicious domains changing within 24 hours. The report highlights the top infections for 2011, and shows that attackers continue to rely upon customized malicious code toolkits to develop and distribute their threats.
The “Top 50” malware families account for more than 80 percent of successful infections seen in the wild. The most prevalent attacks are fake antivirus scams and information-stealing malware. Fake AV programs act as a conduit for more serious malware infections and information-stealing malware that targets user credentials, enabling the theft of intellectual property and sensitive data.
“As criminals develop and invest in advanced malware, enterprises must also reinforce traditional defenses with a new layer of dynamic security that can detect these threats in real time and thwart malware communications back to command-and-control centers,” Shidla said. “This extra defense layer needs to be designed specifically to fight the unknown and zero-day tactics that dominate targeted and advanced persistent threat attacks.”
Key Findings from the FireEye Advanced Threat Report — 1H2011
Unlike typical threat reports that focus on well-known threats, the FireEye Advanced Threat Report examines unknown threats and advanced attacks that have successfully evaded traditional signature-, reputation- and behavior-based defenses. These attacks are dynamic, targeted, stealthy and very effective at compromising enterprise networks. FireEye gathers this data through its advanced appliances deployed in enterprises worldwide. The report features FireEye Malware Intelligence Labs’ analysis of this real-time threat data.
In summary, the FireEye report shows that:
- Ninety-nine percent of enterprise networks have a security gap despite $20 billion spent annually on IT security.
- Successful attacks employ dynamic, “zero-day” malware tactics. Ninety percent of malicious binaries and domains change in just a few hours, 94 percent within a day.
- The fastest-growing malware categories are fake AV programs and information-stealing executables.
- The “Top 50” of the thousands of malware families generate 80 percent of successful malware infections.
To close these gaps, organizations must presume that their networks are compromised and supplement traditional defenses with tools designed to thwart today’s sophisticated attacks. Download the full report at http://www.milestonesystems.com/static/literature/FireEye_Advanced_Threat_Report_1H2011.pdf
Ready to take action? Contact your Milestone representative to learn about cost-effective security solutions and strategies that can help reduce threats in 2012.