Real-Time Response, Integrated Intelligence, and Eight Indicators of Attack Key to Proactive Threat Prevention
SANTA CLARA, CA — November 18, 2014 — McAfee, now part of Intel Security, today issued a new report, When Minutes Count, that assesses organizations’ abilities to detect and deflect targeted attacks, reveals the top eight most critical indicators of attack, and examines best practices for proactive incident response. The report illustrates how much more effective enterprises are when they perform real-time, multi-variable analysis of subtle attack activity and factor time and threat intelligence in to risk scoring and incident response priorities.
A survey commissioned by Intel Security and conducted by Evalueserve, in conjunction with the report, suggests that a majority of companies lack confidence in their ability to detect targeted attacks in a timely manner. Even companies best prepared to handle targeted attacks are taking the time to investigate high volumes of events, contributing to a sense of urgency and organizational focus on creative approaches to earlier detection and more effective mitigation.
Key findings include:
“You only gain the upper-hand versus attackers when you address the time-to-discovery challenge,” said Ryan Allphin, Senior Vice President and General Manager, Security Management at Intel Security. “Simplify the frantic work of filtering an ocean of alerts and indicators with real-time intelligence and analysis, and you can quickly gain a deeper understanding of relevant events and take action to contain and deflect attacks faster.”
Given the importance of identifying critical indicators, the Intel Security report revealed the top eight most common attack activities that successful organizations track to detect and deflect targeted attacks. Of these, five reflected tracking events across elapsed time, showing the importance of contextual correlation:
“We noticed a workstation making odd authentication requests to the domain controller at two o’clock in the morning. That could be normal activity, but it could also be a sign of something malicious,” said Lance Wright, Senior Manager of Information Security and Compliance at Volusion, a commerce solutions provider contributing to the report. “After that incident we set up a rule to alert us if any workstation has more than five authentication requests during non-business hours to help us identify the attack early, before any data is compromised.”
“Real-time, intelligence-aware, SIEM technologies minimize time to detection to proactively prevent breaches based on contextualization of indicators during analysis and automated policy-driven responses,” said Allphin. “With the power to accelerate their ability to detect, respond to, and learn from events, organizations can dramatically shift their security posture from that of the hunted, to the hunter.”
To view the full Intel Security When Minutes Count report, please visit: www.mcafee.com/SIEM
About Intel Security
McAfee is now part of Intel Security. With its Security Connected strategy, innovative approach to hardware-enhanced security, and unique Global Threat Intelligence, Intel Security is intensely focused on developing proactive, proven security solutions and services that protect systems, networks, and mobile devices for business and personal use around the world. Intel Security is combining the experience and expertise of McAfee with the innovation and proven performance of Intel to make security an essential ingredient in every architecture and on every computing platform. Intel Security’s mission is to give everyone the confidence to live and work safely and securely in the digital world. www.intelsecurity.com.
Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Intel is a trademark of Intel Corporation in the US and/or other countries. Other names and brands may be claimed as the property of others.