Malware, restoring data: What keeps data center techies up all night

Runaway software nasties are nightmare fuel for IT security pros, says survey

A majority of organizations polled in a data center and cloud security survey are dissatisfied with their malware containment and recovery times.

More than half (55 per cent) of survey respondents were dissatisfied with the length of time it takes them to contain and recover from hacker infiltrations and malware infections, with more than 17 per cent of respondents needing more than a week to contain a contagion. About 37 per cent reported containment times of up to eight hours.

The wide range of response times may be the result of the inability of some traditional security tools to assist organizations in detecting and managing assault scenarios. Most survey respondents use traditional security tools such as firewalls, IDSs (intrusion detection systems), intrusion prevention systems, identity and access management, and anti-malware.

The figures come from a poll of 430 security and risk professionals from the SANS Institute community, serious techies working at the security coal face of private and public sector organizations. More than two in five (44 per cent) of the SANS community who shared breach history had sensitive data accessed.

"When it comes to limiting damage and preventing data breaches, time continues to be the biggest challenge for security and risk professionals," said SANS analyst Dave Shackleford. "Most respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get. If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster, and to contain attacks more quickly."

Time is the biggest challenge enterprises face when trying to prevent infiltrations and limit damage. The full report [PDF] – The State of Dynamic Data Center and Cloud Security in the Modern Enterprise – goes deeper in revealing the challenges organizations face when trying to prevent and contain breaches, and provides guidance and suggestions on how to better secure today's modern infrastructure. The study was sponsored by enterprise security tools firm Illumio, a firm that has an obvious vested interest in pointing out the shortcomings of traditional enterprise security.

The prevailing (but by no means universal) wisdom is that security breaches are inevitable. Rather than keeping out attackers entirely, the goal has shifted toward detection, response, and remediation.

Containment capabilities, or the lack of them, seem to have played a major role in the damage inflicted in some recent raids. For example, investigators looking into the US government Office of Personnel Management breach (21.5M compromised records) reckon attackers may have had access for up to 12 months. And medical insurance firm Anthem (80M records compromised) admits attackers had access for weeks. ®


Biting the hand that feeds IT © 1998–2022