A new report examines attack data captured by FireEye security appliances from 1,217 organizations around the world from October 2013 to March 2014.
Offering a unique glimpse into how well existing security products perform in real-world environments, the study concludes that signature-based firewalls, intrusion prevention systems, Web gateways, sandboxes, and AV solutions – and various combinations of those tools – fail to fully block attacks in 97 percent of organizations that deploy them.
“The harsh reality of today’s advanced threats and the threat actors behind them is that their attacks are increasingly unique in nature and morph quickly, meaning they can only be identified and stopped as they appear in the wild,” said David DeWalt, CEO, FireEye.
“Our results with businesses trialing our products around the world show there is a clear need for solutions purpose-built to detect and protect against advanced attacks. And, as attackers find more ways to hide in the real world, our ability to see the multiple threat vectors they use will help keep our customers one step ahead,” DeWalt added.
Key findings include:
- Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their security architecture.
- More than a fourth (27 percent) of all organizations experienced events known to be consistent with tools and tactics used by advanced persistent threat (APT) actors.
- Three-fourths of organizations had active command-and-control communications, indicating that attackers had control of the breached systems and were possibly already receiving data from them.
- Even after an organization was breached, attackers continued to attempt to compromise the typical organization more than once per week (1.6 times) on average.
- On average, attackers’ software exploits and malware downloads bypassed other security layers 1.51 and 122 times, respectively.
The report details the scale of advanced targeted attacks and how effective they are against entrenched cyber defenses. In addition, 348 trial participants took part in a survey, offering a comprehensive picture of their security architecture and a vendor-to-vendor comparison of each layer of the typical cybersecurity architecture.