McAfee’s report on the subject, titled Needle in a Datastack, finds that too many businesses are vulnerable to security breaches due to their inability to properly analyze or store Big Data. And worse, misplaced security confidence is putting organizations at further risk.
More than a fifth of respondents to a survey (22%) said they would need a day to identify a breach, and 5% said this process would take up to a week. On average, organizations reported that it takes 10 hours for a security breach to be recognized.
“If you’re in a fight, you need to know that while it’s happening, not after the fact,” said Mike Fey, executive vice president and worldwide CTO for McAfee. “This study has shown what we’ve long suspected – that far too few organizations have real-time access to the simple question ‘am I being breached?’ Only by knowing this, can you stop it from happening.”
Yet that false sense of security is at work, possibly lulling businesses into ignoring the problem. Nearly three quarters (73%) of respondents claimed they can assess their security status in real time, and a majority also expressed confidence in their ability to detect, in real time, insider threats (74%), perimeter threats (78%), zero-day malware (72%) and compliance controls (80%). However, of the 58% of organizations that said they had suffered a security breach in the last year, just a quarter (24%) had recognized it within minutes. In addition, when it came to actually finding the source of the breach, only 14% could do so in minutes, while 33% said it took a day and 16% said a week.
“This false confidence highlights a disconnect between the IT department and security professionals within organizations, which is further highlighted when the Needle in a Datastack findings are compared with the recent Data Breach Investigations Report of security incidents,” McAfee noted. “The study of 855 incidents showed that 63% took weeks or months to be discovered. The data was taken from these organizations within seconds or minutes in almost half (46%) of the cases.”
And the threats are escalating: Needle in a Datastack found that on average, organizations are storing approximately 11–15 terabytes of security data a week, a figure that Gartner Group predicts will double annually through 2016. To put that in perspective, 10 terabytes is the equivalent of the printed collection of the Library of Congress. Despite storing such large volumes of data, 58% of firms admitted to only holding on to it for less than three months, thereby negating many of the advantages of storing it in the first place.
According to the McAfee Threat Report, the appearance of new advanced persistent threats (APTs) accelerated in the second half of 2012. This type of threat can lie dormant within a network for months or even years. Long-term retention and analysis of security data to reveal patterns, trends and correlations is crucial if organizations are to spot and deal quickly with these APTs.
“To achieve real-time threat intelligence in an age where the volume, velocity and variety of information have pushed legacy systems to their limit, businesses must embrace the analysis, storage and management of big security data,” the company said. “These ever-growing volumes of events, as well as asset, threat, user and other relevant data have created a Big Data challenge for security teams.”
With this need to identify complex attacks, organizations should go beyond pattern matching to achieve true risk-based analysis and modeling, McAfee advocated. “Ideally, this approach should be backed by a data management system able to create complex real-time analytics,” it said. “In addition to the ability to spot threats in real-time, organizations should have the ability to identify potentially sinister long-term trends and patterns. Beyond just finding a needle in a datastack, organizations should move to a longer time horizon with risk-based context to find the right needle, so they can proactively deal with today’s threats.”
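The two points the report makes, real-time detection of fast events and long-horizon correlation that a short retention window silently destroys, are easier to see on data than in survey percentages. The following is an added example written for this page, not code from the article or from McAfee. It uses a constructed set of authentication events (timestamp, source address, account, outcome) and a hypothetical `flag_sources` helper that counts failed logins per source over a chosen window, but only over the events that the retention policy still holds. A one-day window catches a burst of failures on the day it happens; a source that fails once every four days never trips that window, and with 30-day retention it never trips a 90-day window either, because most of its history has already been deleted.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real log data): 100 days of authentication events.
START = datetime(2013, 1, 1)


def build_sample_events():
    """Return (timestamp, source, account, outcome) tuples.

    - 10.0.0.5 logs in successfully every morning (benign baseline).
    - 10.0.0.7 produces a burst of six failures on day 20 (fast event).
    - 203.0.113.9 fails once every four days against rotating accounts
      (slow pattern that only a long horizon reveals).
    """
    events = []
    for day in range(100):
        ts = START + timedelta(days=day, hours=9)
        events.append((ts, "10.0.0.5", "alice", "success"))
        if day % 4 == 0:
            events.append((ts + timedelta(hours=3), "203.0.113.9",
                           f"user{day % 7}", "failure"))
        if day == 20:
            for minute in range(6):
                events.append((ts + timedelta(minutes=minute), "10.0.0.7",
                               "bob", "failure"))
    return events


EVENTS = build_sample_events()


def failures_by_source(events, now, retention_days, window_days):
    """Count failed logins per source within the analysis window.

    Retention is applied first: anything older than retention_days before
    `now` is treated as already purged, regardless of how wide the
    analysis window is. This mirrors the report's point that a short
    retention period negates the value of collecting the data.
    """
    retained_from = now - timedelta(days=retention_days)
    window_from = now - timedelta(days=window_days)
    counts = defaultdict(int)
    for ts, src, _account, outcome in events:
        if ts > now or ts < retained_from:
            continue          # future event, or purged by retention policy
        if outcome == "failure" and ts >= window_from:
            counts[src] += 1
    return dict(counts)


def flag_sources(events, now, retention_days, window_days, threshold):
    """Return sources whose failure count meets the threshold, sorted."""
    counts = failures_by_source(events, now, retention_days, window_days)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    # Real-time view the day after the burst: the burst is visible.
    print(flag_sources(EVENTS, START + timedelta(days=21), 90, 1, 5))
    # Day 100, 30-day retention: the slow source has too little history left.
    print(flag_sources(EVENTS, START + timedelta(days=100), 30, 90, 10))
    # Day 100, 90-day retention: the slow source stands out clearly.
    print(flag_sources(EVENTS, START + timedelta(days=100), 90, 90, 10))
```

The thresholds (5 failures in a day, 10 failures in 90 days) are assumptions chosen to make the contrast visible; in practice they would be tuned against the organization's own baseline, and the same per-source aggregation would be run over asset and user context as well as raw events.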