FireEye report: enterprise networks often have security gaps

News by Dan Raywood

Only five per cent of enterprise security networks are free of security gaps, despite a combined annual spend of over $20bn.

According to FireEye's Advanced Threat Report for the second half of 2011, virtually all enterprises continue to be compromised by malware, with more than 95 per cent of them having malicious infections inside their network each week. It also claimed that almost 80 per cent of enterprises averaged an infection rate of more than 75 per week.

Based on statistics collected from the FireEye customer base where other security devices have been deployed, it claimed that even the most security-conscious industries are fraught with dangerous infections, and every company studied in every industry appears to be vulnerable and under attack.

Speaking to SC Magazine, James Todd, European technical lead at FireEye, said the larger problem is that malware and attacks have become more sophisticated over time. “They need to work to fill the gap as it cannot be filled with pattern-matching sequences,” he said.

Research from Kaspersky Lab this week revealed that more than half (62 per cent) of UK companies have been infected by malware. David Emm, senior security researcher at Kaspersky, said: “If you have never been infected by malware, it is easy to tell yourself that 'it won't happen to me', or at least to imagine that most of what we hear about malware is just hype.

“It would be naïve to suggest that there is no hype, there have always been those who have exaggerated the risks or over-inflated the potential cost of an attack. But for all this, the threat from malware is real and it can have a serious impact on business.”

The FireEye report also claimed that despite enterprises investing a combined $20bn a year on IT security systems, cyber criminals are able to evade traditional defences based on older technology: signatures, reputation and crude heuristics.

Another finding was that of the thousands of malware families, the ‘top 50’ generated 80 per cent of successful malware infections, while 50 per cent of cases were attributed to the top 13 malware families.

The report claimed that in 2011, FireEye detected hundreds of thousands of malicious domains hosting the BlackHole toolkit, at a time when toolkits were increasingly being used to ‘drop’ malware on vulnerable machines.

Todd said: “BlackHole utilises multiple exploits, but there are 50 families which prove that systems never catch up and they are highly successful. This is about volume and not advanced persistent threat.”

Ashar Aziz, founder, CEO and CTO of FireEye, said: “With the rise of information-stealer malware, it's more important than ever for companies in security-conscious industries such as financial services, healthcare and government sectors to closely examine their current IT defence perimeter, determine if advanced malware is entering their networks unimpeded and prevent the theft of intellectual property.”

