FireEye report: enterprise networks often have security gaps

Only five per cent of enterprise security networks are freed from security gaps, despite a combined annual spend of over $20bn.

According to FireEye's Advanced Threat Report for the second one half 2011, virtually all enterprises remain compromised by malware, with greater than 95 per cent of them having malicious infections inside their network each week. It also claimed that just about 80 per cent of enterprises averaged infection rate of greater than 75 a week.

Based on statistics collected from the FireEye customer base where other security devices was deployed, it claimed that even probably the most security-conscious industries are fraught with dangerous infections, and each company studied in every industry seems to be vulnerable and under attack.

Speaking to SC Magazine, James Todd, European technical lead at FireEye, said the bigger problem is that malware and attacks are becoming more sophisticated through the years. “They want to work to fill the space because it can't be crammed with pattern-matching sequences,” he said.

Research from Kaspersky Lab this week revealed that greater than half (62 per cent) of UK companies were infected by malware. David Emm, senior security researcher at Kaspersky, said: “If you may have never been infected by malware, one could tell yourself that 'it won't happen to me', or at the least to visualize that almost all of what we hear about malware is barely hype.

“It can be naïve to signify that there's no hype, there have always been folks that have exaggerated the hazards or over-inflated the prospective cost of an attack. But for all this, the threat from malware is real and it could have a major impact on business.”

The FireEye report also claimed that despite enterprises investing a combined $20bn a year on IT security systems, cyber criminals may be able to evade traditional defences in accordance with older technology: signatures, reputation and crude heuristics.

Another finding was that of the thousands of malware families, the ‘top 50' generated 80 per cent of successful malware infections, while 50 per cent of cases were attributed to the highest 13 malware families.

The report claimed that during 2011, FireEye detected thousands of malicious domains hosting the BlackHole toolkit, at a time when toolkits were increasingly getting used to ‘drop' malware on vulnerable machines.

Todd said: “BlackHole utilises multiple exploits, but there are 50 families which prove that systems never catch up and they're highly successful. Here's about volume and never advanced persistent threat.”

Ashar Aziz, founder, CEO and CTO of FireEye, said: “With the increase of data-stealer malware, it's more important than ever for corporations in security-conscious industries consisting of financial services, healthcare and government sectors to closely examine their current IT defence perimeter, determine if advanced malware is entering their networks unimpeded and stop the theft of intellectual property.”