Targeted attacks - the threat keeps rising

INDIA: A new survey has pointed that security professionals are inundated with security incidents, averaging 78 investigations per organization in the last year, with 28 per cent of those incidents involving targeted attacks – one of the most dangerous and potentially damaging forms of cyber-attacks.

A new report, Tackling Attack Detection and Incident Response, from Enterprise Strategy Group (ESG), commissioned by Intel Security, examines organizations’ security strategies, cyber-attack environment, incident response challenges and needs.

According to the IT and security professionals surveyed, better detection tools, better analysis tools, and more training on how to deal with incident response issues are the top ways to improve the efficiency and effectiveness of the information security staff.

“When it comes to incident detection and response, time has an ominous correlation to potential damage,” said Jon Oltsik, senior principal analyst at ESG. “The longer it takes an organization to identify, investigate, and respond to a cyber-attack, the more likely it is that their actions won’t be enough to preclude a costly breach of sensitive data. With this in mind, CISOs should remember that collecting and processing attack data is a means toward action -- improving threat detection and response effectiveness and efficiency.”

Nearly 80 per cent of the people surveyed believe the lack of integration and communication between security tools creates bottlenecks and interferes with their ability to detect and respond to security threats. Real-time, comprehensive visibility is especially important for rapid response to targeted attacks, and 37 per cent called for tighter integration between security intelligence and IT operations tools. In addition, the top time-consuming tasks involved scoping and taking action to minimize the impact of an attack, activities that can be accelerated by integration of tools.

These responses suggest that the very common patchwork architectures of dozens of individual security products have created numerous silos of tools, consoles, processes and reports that prove very time consuming to use. These architectures are creating ever greater volumes of attack data that drown out relevant indicators of attack.

While the top four types of data collected are network-related, and 30 percent collect user activity data, it’s clear that data capture isn’t sufficient. Users need more help to contextualize the data to understand what behaviour is worrisome.

Users understand they need help to evolve from simply collecting volumes of security event and threat intelligence data to more effectively making sense of the data and using it to detect and assess incidents. Fifty-eight per cent said they need better detection tools, (such as static and dynamic analysis tools with cloud-based intelligence to analyse files for intent). Fifty-three per cent say they need better analysis tools for turning security data into actionable intelligence. One-third (33 percent) called for better tools to baseline normal system behaviour so teams can detect variances faster.