There is a “critical need” for organisations to reduce time to detection (TTD) in order to remediate against sophisticated attacks by highly motivated threat actors.
The Cisco 2015 Midyear Security Report claims that the Angler Exploit Kit represents the types of common threats that will challenge organisations as the digital economy and the Internet of Everything (IoE) - otherwise known as the Internet of Things - create new attack vectors and monetisation opportunities for adversaries.
The report claims that new risks associated with Flash, the evolution of ransomware, and the Dridex mutating malware campaign, reinforce the need for reduced time to detection.
With the digitisation of business and the IoE, malware and threats become even more pervasive, which shines a light on the security industry’s estimates of 100 to 200 days for TTD.
In contrast, the average TTD for Cisco Advanced Malware Protection (AMP), with its retrospective analysis of attacks that make it past existing defenses, is 46 hours.
“Organisations cannot just accept that compromise is inevitable, even if it feels like it today,” says John N. Stewart, senior vice president, chief security and trust officer, Cisco.
“The technology industry must up the game and provide reliable and resilient products and services, and the security industry must provide vastly improved, yet meaningfully simplified, capabilities for detecting, preventing, and recovering from attacks.
“This is where we are leading. We are regularly told that business strategy and security strategy are the top two issues for our customers, and they want trusted partnerships with us.
“Trust is tightly linked to security, and transparency is key so industry-leading technology is only half the battle. We're committed to providing both: industry-defining security capabilities and trustworthy solutions across all product lines.”
Stewart believes that the findings also underscore the need for businesses to deploy integrated solutions vs. point products and enlist security services providers for guidance and assessment.
“Hackers, being unencumbered, have the upper hand in agility, innovation and brazenness,” adds Jason Brvenik, principal engineer, Security Business Group, Cisco.
“We see this time and again, whether it is nation state actors, malware, exploit kits or ransomware.
“A purely preventive approach has proven ineffective, and we are simply too far down the road to accept a time to detection measured in hundreds of days.
“The question of ‘what do you do when you are compromised’ highlights the need for organisations to invest in integrated technologies that work in concert to reduce time to detection and remediation to a matter of hours; and then they should demand their vendors help them to reduce this metric to minutes.”