Companies can stop searching for the cyber needle in the alerts haystack - and wasting many hours and thousands of pounds - by adopting a new 'detect and mitigate' mindset.

Callum Rookes is one of our technical consultants at Avatu. He's our expert in internet security products (such as Damballa), digital rights management software (such as Seclore FileSecure) and endpoint security products (such as Avecto Defendpoint).

Stop searching for the cyber needle in the alerts haystack with a new 'detect and mitigate' mindset

 

Large companies are wasting thousands of man hours - and many thousands of pounds - chasing false alarms while the real threats slip by unnoticed, research has shown.

The unnerving reality was highlighted in the latest State of Infections report published by Damballa, which protects over 400 million devices worldwide with its detection-focused cyber security technology.

The findings also reinforce the evolving view in the security industry that detection, and not prevention, is the future for real and comprehensive cyber protection.
New detect and mitigate mindset is evolving in cybersecurity

This new approach is, fundamentally, a change of emphasis.

Whereas prevention looks out onto the known threat landscape, detection tools look inwards (onto devices, networks and systems) to monitor for unusual or unexpected activity, providing actionable intelligence of danger rather than just more alerts.

A recent report from the Ponemon Institute revealed that organisations can spend 395 man hours a week – which equates to £860,000 a year – chasing false positives and false negatives.

This is a massive waste of time (and money) and it poses a threat to IT security too.

While security teams are caught up working on activity which poses no threat to their data security, they are also distracted from dealing with threats that can lead to a systems or data compromise, and advanced threats are slipping through the net and lingering undetected.

Proving the point, Damballa ran a 10-month comparison experiment where it monitored the success of the four most commonly used anti-virus (AV) tools and discovered they missed almost 70% of malware on the first scan - and took six months to identify every single one as a malicious threat.

The report said: "In a real world environment, a file would only be scanned once by AV. If the average security team receives 17,000 weekly alerts, or 2,430 a day, AV products will have missed 796 malicious files on day one.

"...the longer an infection dwells before discovery and remediation, the odds of data exfiltration increase.


"While large enterprises obviously deploy many layers of prevention besides AV, any technology designed to prevent infections based on one technique and/or prior knowledge of the threat will not suffice.

"That includes signature and reputation-based products as well as those using a single method to analyse traffic or payload, like sandboxes. If a product ultimately relies on seeing the inbound malware file first, it will miss the forest for the trees."


Prevention still has a part to play in every IT and cyber security strategy, says the report.

But it can’t - and doesn’t - stop every threat, as the Damballa research and each high-profile hack continue to prove.

Download the full State of Infections report here.

Find out more about Damballa and its specialist detection tools here too.

To get more advice on how to protect your business and critical business data, call us on 01296 621121 now.

Avatu - the one-stop solution for:
cyber threat protection, IT and network security, and forensic investigation tools

Copyright © 2021. All rights reserved.

