hp-security-research-cyber-risk-report-pdf-2-w-1408

Recommendations

Info

HP Security Research | Cyber Risk Report 2015ThreatsThe end game of many attackers that exploit vulnerabilities is to install various types ofmalware. In 2014 the malware problem continued unabated, and while the anti-malwareindustry has introduced multiple new approaches to the issues it faces, the impact of thosemeasures on the security of organizations and the public is questionable. Increasingly, antimalwaretechnologies rely on monitoring for particular behaviors rather than monitoring for thepresence of particular files, and they harness Big Data and cloud capabilities in order to detectand address new malware families by aggregating multiple data points and dimensions. Byutilizing these technologies, the ability to detect malicious files heuristically (that is, to identifymalware not seen before based strictly on its characteristics) has improved—but nowhere nearenough. The defenders are worried—are we winning the war against malware, or are we goingto be swept away by the rising tide?Windows malware overviewState of protectionYear after year, the number of newly created malware samples balloons. In 2013, AV-Test.org, a reputable independent anti-malware testing organization, collected 83 million malwaresamples. For 2014 the final number is expected to be close to 140 million. If we simplyextrapolate the numbers, we can be almost certain we will reach the 200 million mark in thecoming year.If we consider that 200 million number, we see that to reach it over the year, AV-Test—or anyreputable anti-malware vendor—should be capable of processing an average of 600,000samples every single day. The increasing number of samples poses great challenges for antimalwareengines, and the rates of detection for previously unknown malware instances aredeclining.Our tests on standard scanning engines, conducted over a set of over 80 million samplesin cooperation with ReversingLabs, show that detection of previously unknown samples atthe moment of discovery significantly varies from vendor to vendor. This illustrates the needfor complementary protection technologies that provide more dynamic protection. Thesetechnologies are usually built into most endpoint security products.Figure 6. Unique malware samples collected by AV-Test140120100Millions8060402002005 2006 2007 2008 2009 2010 2011 2012 2013 201424
HP Security Research | Cyber Risk Report 2015Figure 7. Various anti-malware vendors’ detection rates on previously unknown samples (normalized relative to the best-performing engine)100%100%95%96%95%93%90%91%85%80%85%83%81%81%80%75%A B C D E F G H I JRelatively low rates of change of detection for samples a week or longer after their discoveryshow that many malware threats are transient, with their initial distribution lifecycle lasting aday or less. In addition, this may indicate the inability of anti-malware vendors to process anever-growing number of incoming samples.The sheer volume of malware samples that appears every day plays into the hands ofactors with sufficient funds to conduct highly skilled targeted attacks and evade all layersof traditional protection. Large organizations have recognized the need to build securityoperations centers (SOCs) with skilled staff able to recognize, respond to, and remediateattacks when they happen.Unfortunately, the level of technical skill, experience, and knowledge required to addresstargeted attacks is high. There is a skill shortage, usually addressed by installing a combinationof incident response software and systems (such as sandboxes) designed to detect whateverportion of the attacker’s tools and malware managed to penetrate traditional layers of defense.The focus for organizations is not just how to protect, but rather how to respond and remediateattacks—understanding with certainty that attacks will be successful if carefully plannedand executed.25
Page 1 and 2: BrochureHP SecurityResearchCyber Ri
Page 3 and 4: HP Security Research | Cyber Risk R
Page 23: HP Security Research | Cyber Risk R
Page 74:
HP Security Research | Cyber Risk R
show all

hp-security-research-cyber-risk-report-pdf-2-w-1408

Create successful ePaper yourself

Delete template?

Save as template?