Damballa has published its Q1 2014 State of Infections Report

May 14, 2014 18:21 GMT

IT security solutions provider Damballa has published its State of Infections Report for the first quarter of 2014. The report is based on an analysis of half of North America’s ISP Internet traffic and 33% of mobile traffic, along with traffic from global ISP and enterprise customers.

The figures in the report show that around 10,000 security events are recorded on an average organization’s network each day. In some cases, as many as 150,000 security alerts were generated. The lowest number seen by Damballa is five alerts per day.

According to Damballa, the volume of activity depends on factors like the number of devices, supported operating systems and even industry.

When it comes to globally dispersed enterprises, the study has found that, on average, 97 active devices are infected every day. The average volume of data leaked from these large organizations is over 10Gb per day.

For example, Neiman Marcus, the retailer whose systems were compromised for around three months, received 60,000 alerts. Some of them were probably important, but they are difficult to identify among so many.

Threat actors rely on techniques such as domain generation algorithms (DGA) to constantly change the domain names for command and control servers, making it impossible for security teams to block their activity.

Damballa’s Failsafe solution is designed to address such challenges. However, many organizations still rely on manual work to identify actual infections.

“Traditional IT security controls can’t stop today’s threats. Organizations need to automate labor-intensive processes, like alert-chasing, and focus on discovering successful infections and triage the devices under the most risk. There aren’t enough trained security professionals in the world to solve the problem manually,” the report notes.

“We are already facing a profound scarcity of skilled security professionals, which the latest Frost & Sullivan figures estimate will equate to a 47% shortfall by 2017,” says Brian Foster, CTO of Damballa.

“If we compound this fact with the increase in data breaches and the scope of work required to identify a genuine infection from the deluge of security events hitting businesses every day, we can see why security staff are struggling to cope,” Foster adds.

“Automated incident detection is an important part of the solution to free valuable security staff from the labor-intensive task of sifting through false-positives, to focus on the more important issues of speedy remediation and threat mitigation.”

The complete Q1 2014 State of Infections Report is available on Damballa’s website (registration required).