A majority of organizations polled in a data center and cloud security survey are dissatisfied with their malware containment and recovery times.
More than half (55 per cent) of survey respondents were dissatisfied with the length of time it takes them to contain and recover from hacker infiltrations and malware infections, with more than 17 per cent of respondents needing more than a week to contain an contagion. About 37 per cent reported containment times of up to eight hours.
The wide range of response times may be the result of the inability of some traditional security tools to assist organizations in detecting and managing assault scenarios. Most survey respondents use traditional security tools such as firewalls, IDSs (intrusion detection systems), intrusion prevention systems, identity and access management, and anti-malware.
The figures come from a poll of 430 security and risk professionals from the SANS Institute community, serious techies working at the security coal face of private and public sector organizations. More than two in five (44 per cent) of the SANS community who shared breach history had sensitive data accessed.
"When it comes to limiting damage and preventing data breaches, time continues to be the biggest challenge for security and risk professionals," said SANS analyst Dave Shackleford. "Most respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get. If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster, and to contain attacks more quickly."
Time is the biggest challenge enterprises face when trying to prevent infiltrations and limit damage. The full report [PDF] – The State of Dynamic Data Center and Cloud Security in the Modern Enterprise – goes deeper in revealing the challenges organizations face when trying to prevent and contain breaches, and provides guidance and suggestions on how to better secure today's modern infrastructure. The study was sponsored by enterprise security tools firm Illumio, a firm that has an obvious vested interest in pointing out the shortcomings of traditional enterprise security.
The prevailing (but by no means universal) wisdom is that security breaches are inevitable. Rather than keeping out attackers entirely, the goal has shifted toward detection, response, and remediation.
Containment capabilities, or the lack of them, seem to have played a major role in damages inflicted in some recent raids. For example, investigators looking into the US government Office of Personnel Management (21.5M compromised records) reckon attackers may have had access for up to 12 months. And medical insurance firm Anthem (80M records compromised) admits attackers had access for weeks." ®