With tales of security breaches appearing in the news almost daily, and malware being implicated in many of them, security experts continue to emphasize the importance of malware containment. Unfortunately, statistics indicate it is nearly impossible for companies to contain malware through traditional methods, such as manual alert review and mitigation. A 2015 survey conducted by the Ponemon Institute verifies this conclusion.
According to the report, “The Cost of Malware Containment,” the average organization whose security system issues malware alerts will now receive nearly 17,000 alerts each week. Of these alerts, 19 percent (3,218) will be considered reliable, but only 4 percent (705) will be investigated. “This suggests that organizations do not have the resources or in-house expertise to detect or block serious malware,” Ponemon said in its report. This is troubling, given that the majority of study participants said the severity and volume of malware infections are increasing.
Equally disconcerting, two-thirds of the time spent by security staff investigating malware alerts is wasted due to faulty intelligence, such as false positives and/or false negatives. This waste can easily be avoided with the use of advanced automation tools, which evaluate malware threats and, in many cases, can take action. (Only 40 percent of malware containment requires human input or intervention, per Ponemon’s survey.)
Despite this fact, among the 600+ security and IT professionals surveyed, only 24 percent indicated they were using automated detection and response tools, and only 41 percent indicated they use automated tools to evaluate the severity of malware threats based on threat intelligence. In InterDev’s view, not using these tools represents a lost opportunity, because it is far more effective to automate the “grunt work” of malware detection and response than to expend hundreds of hours using human resources to chase ghosts.
In our opinion, it’s time for organizations to embrace the reality that automated scanning, response and remediation tools, used in tandem with trained experts who can successfully intervene on real infections, provide the only sensible way to fight malware and other threats that bombard organizational defenses daily. Any other approach is a waste of manpower.
Of course, selecting the right tools is also crucial to the effort. When an organization opts for best-in-class security platforms and tools, it will fight threats more effectively and almost always save time and money in the long run. It might even save its business.