There is a significant gap in today’s enterprise IT defenses, as advanced malware and targeted attacks are easily evading traditional defenses, such as firewalls, intrusion prevention systems, antivirus, and Web/email gateways, according to FireEye.
99% of enterprises have had malicious infections entering the network each week with 80% of the enterprises facing more than a hundred new cases per week.
The bottom line: Today’s existing traditional enterprise IT defenses are not keeping up with highly dynamic, multi-stage attacks that cyber-criminals now use to attack enterprises and federal agencies.
Top categories of malware in the first two quarters of 2011.
Cyber criminals are using highly dynamic malware to circumvent traditional signature-based defenses with 94% of malicious executables and malicious domains changing within 24-hours.
The “Top 50” malware families account for over 80% of successful infections seen in the wild. In addition, the most prevalent attacks are Fake Antivirus scams and information stealing malware.
Fake AV programs act as a conduit for more serious malware infections and information stealing malware targets user credentials enabling the theft of key intellectual property and sensitive data.
Average infection rates of enterprises by major vertical market segment (cases per week per Gbps of aggregate egress traffic).
Key findings from the FireEye Advance Threat Report – 1H 2011:
- 99% of enterprise networks have a security gap despite $20B spent annually on IT security.
- Successful attacks employ dynamic, “zero-day” malware tactics. 90% of malicious binaries and domains change in just a few hours; 94% within a day.
- The fastest growing malware categories are Fake-AV programs and Info-stealer executables.
- The “Top 50” of thousands of malware families generate 80% of successful malware infections.
As criminals develop and invest in advanced malware, enterprises must also reinforce traditional defenses with a new layer of dynamic security that can detect these threats in real-time, and thwart malware communications back to command and control centers. This extra defense layer needs to be designed specifically to fight the unknown and zero-day tactics that dominate targeted and advanced, persistent threat (APT) attacks.
The complete report is available here.