Attackers bypass conventional security, says FireEye study
Hackers breach most conventional, signature-based security technologies, with 27% involving advanced threats
Around 96% of conventional, signature-based security technologies were breached in a study conducted by security firm FireEye, with 27% of breaches involving advanced threats.
The study collected and evaluated security alerts that bypassed companies’ existing, active security systems.
These systems included signature-based firewalls, intrusion prevention systems, web gateways, antivirus systems and various combinations of these tools.
The data shows that attacks are getting through multiple layers of conventional defence-in-depth tools in most deployments, said the report.
“Despite the billions of dollars poured into conventional defences every year, attackers are compromising networks almost at will. It doesn’t matter what vendor or combination of typical defence-in-depth tools an organisation has deployed. And it doesn’t matter how well these tools performed in lab tests. Real-world attackers are bypassing them all,” the report said.
More than 1,000 businesses took part in the study from January 2014 to June 2014, installing FireEye technologies behind all other security systems to test their efficacy.
Retail in the firing line
“When just one advanced attack slips past the existing defences of companies, it can have both a costly and debilitating impact that takes months to repair,” said Dave DeWalt, chairman and CEO at FireEye.
“The results of the study clearly show that there are gaps in the way many global businesses are secured, opening the door for aggressive threat actors to conduct anything from state-sponsored espionage to cyber crime.”
The study found that 100% of retail organisations involved in the study were breached, with 17% of breaches consistent with advanced threats.
All participants from the agriculture, transportation, education, and healthcare and pharmaceuticals industries were breached during the study.
More than a third of breaches in the healthcare and pharmaceutical sector were consistent with advanced threats.
Study urges tighter integration
Next in line were entertainment and media organisations, of which 91% were breached during the study, with 18% consistent with advanced threats.
More than a quarter of all organisations experienced breaches known to be consistent with tools and tactics used by advanced persistent threat (APT) actors.
The study showed that the aerospace and defense industry was the most secure, but still 76% of organisations involved were compromised during the study.
Organisations need to move away from “passive, poorly integrated defences that provide a fragmented view of threats and cannot connect the dots during advanced attacks,” the report said.
Instead, the report recommends a “tightly integrated, nimble architecture that enables big-picture vigilance” so that security teams can hunt for new and unseen threats.