There is a need to mount a solid effort to combat cyber criminals as malware, ransomware and mobile malware attacks rise, McAfee Inc. said.
“The security industry faces critical challenges in our efforts to share threat intelligence between entities, among vendor solutions and even within vendor portfolios,” McAfee Vice President Vincent Weafer was quoted in a statement as saying. Those challenges include the following:
Volume. A massive signal-to-noise problem continues to plague defenders trying to triage, process and act on the highest-priority security incidents.
Validation. Attackers may file false threat reports to mislead or overwhelm threat-intelligence systems, and data from legitimate sources can be tampered with if poorly handled.
Quality. If vendors focus just on gathering and sharing more threat data, there is a risk that much of it will be duplicative, wasting valuable time and effort. Sensors must capture richer data to help identify key structural elements of persistent attacks.
Speed. Intelligence received too late to prevent an attack is still valuable, but only for the cleanup process. Security sensors and systems must share threat intelligence in near real time to match attack speeds.
Correlation. The failure to identify relevant patterns and key data points in threat data makes it impossible to turn data into intelligence and then into knowledge that can inform and direct security-operations teams.
“Working together is power,” Weafer said. “Addressing these challenges will determine the effectiveness of cyber-security teams to automate detection and orchestrate responses, and ultimately tip the cyber-security balance in favor of defenders.”
McAfee reported 974 publicly disclosed security incidents in 2016. The company noted the public sector in the US experienced the greatest number of incidents by far.
McAfee believes this may be caused by implementation of stricter requirements for reporting incidents, as well as an increase in attacks related to the US election process, mostly voter-database incidents and defacing of election web sites.
In the third quarter of last year, there was also an increase in incidents in the software-development sector, which was due to the rise in attacks on gaming platforms. In the finance sector, the SWIFT attacks on the banking sector led to a jump in incidents.
“Increasingly sophisticated attackers are evading discrete defense systems, and siloed systems let in threats that have been stopped elsewhere because they do not share information,” Weafer continued.