FireEye Releases First Advanced Threat Report

Wednesday, August 31, 2011



Security provider FireEye has released their inaugural Advanced Threat Report, which claims to take a different approach to the myriad of vendor-produced studies on the threat landscape.

FireEye's report focuses on "new and dynamic" attack methodologies based on data collected about successful attempts to circumvent traditional security apparatuses.

The report examines malware attacks that are already known to regularly bypass traditional intrusion detection, firewalls, antivirus and Web gateways.

"The standard security reports have focused mainly on the threats that have been around for months or years and have been published by traditional security vendors of firewall, IPS, antivirus, and Web/email gateways... the FireEye Advanced Threat Report focuses on the threats that have successfully evaded traditional defenses. These are the unknown threats and advanced attacks that are dynamic, targeted, and stealthy. And, they are extremely effective for compromising organizations’ networks." the report states.

The Advanced Threat Report seeks to better understand where the gaps are in traditional system defenses by examining how attackers are continuing to be successful in breaching networks inspite of the highest levelsof IT security spending ever recorded.

"Based on our analysis of 1H2011 threat data, today’s cyber criminals are breaking through traditional security defenses at an alarming rate despite the $20B invested in IT security in 2010. We are clearly in a new era of dynamic cyber attacks that are very successful at evading traditional defenses, leaving virtually every enterprise vulnerable to data theft, cyber-espionage and intellectual property alteration, theft and destruction," the report notes.

The report notes that successful attackers are known to be relying on customized toolkits and multi-stage attacks that involve sophisticated social engineering schemes to circumvent security on government and prive sector systems.

Key Findings in the FireEye Advanced Threat Report

1) 99% of enterprises have a security gap, despite $20B spent annually on IT security. Within a given week, the typical enterprise network has anywhere from hundreds to thousands of new malicious infections and all industries are under sustained attack.

2) 90% of malicious executables and malicious domains changed in just a few hours. The dynamic nature of modern attacks is the primary means to bypass signature-based tools, making defenses such as antivirus and URL blacklists ineffective.

3) The fastest growing malware categories are Fake-AV programs, which take part in extortion tactic and info stealers, which abscond information.

4) The top 50 out of thousands of malware families account for 80% of successful infections. Sophisticated toolkits and other means are enabling the rapid production of advanced malware.


Possibly Related Articles:
Antivirus Firewall Enterprise Security malware Advanced Persistent Threats Headlines Network Security Attack Vector toolkit FireEye
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.