This blog was written by Barbara Kay.
Where certain flamboyant IPOs and mergers might lead one to think advanced malware was a solved problem, Black Hat demonstrated just the opposite. This year, we uncovered that security experts are still spending days and weeks of each month dealing with advanced malware. In response to this realization, they acknowledge they need more than a “silver bullet” point product. Here’s why:
- 76% see advanced malware as a big or huge problem
- 43% attended the show in search of new advanced malware analysis and detection solutions
- 37% of respondents are spending more than 10 hours a week combating these threats
- 36% of organizations reported their biggest challenge is early detection
Black Hat this year felt much more commercial than previous years, but that seemed to be just what many attendees came for. In fact, 1 in 8 of the people we spoke to were CISOs, up from low single digits last year, and our 2nd annual Advanced Malware Survey gained 69% more participants than last year.
What is the biggest challenge in terms of defense against advanced malware?
Although the survey revealed that detection remained the most prevalent issue, chasing noisy false positives was listed as the fastest-growing problem, with 25% more respondents emphasizing this as a challenge compared to 2013. While real-time protection was rated as less difficult than last year, there’s a greater desire for a timely response: a breach notification that helps responders move more quickly to disrupt or contain an attack.
2014: How big of a concern is advanced malware at your organization?
More than 3/4 of respondents said that advanced malware was a major concern in their organizations, with fewer than half having a solution in place to address it. However, 43% of respondents say they are investigating a solution, a jump of over 20% from last year.
Does your organization use any technologies specifically for advanced malware defense?
Lucky attendees met TIE
It seems that while advanced malware remains a major concern for most organizations, they are still not equipped with the right solutions.
However, there’s good news for these folks. In our booth, we demonstrated the latest weapon in the Security Connected arsenal, the McAfee Threat Intelligence Exchange (TIE). This product addresses several of the problems emphasized by respondents by offering a centralized system for collecting and integrating local threat intelligence with industry threat intelligence and organizational preferences. As this solution contextualizes malware to increase detection and identification, it can also help you track down critical response data such as first contact and prevalence.
Intelligence Taps Analytics for a Confident Conviction
As a Security Connected solution, TIE can escalate to McAfee Advanced Threat Defense for deep static and dynamic code analysis. Integration with McAfee Enterprise Security Manager (SIEM) can tighten up response timeframes and reduce the effort needed to understand and mitigate the risk that advanced malware represents. That seamless integration was demonstrated to VIP customers in a live Hack and Defend demonstration in our private suite. [Missed out? We’ll be showing it again at VMworld and FOCUS 2014, our user conference in Las Vegas!]
The key message to take away from Black Hat is this: Although the need is greater, the help is better than ever before. Intelligent solutions can now help you rapidly identify the important signals and true malware in the noise of logs, alerts, and disguises.