Highlights of Verizon's 2010 Annual Report

This month, Verizon and the United States Secret Service teamed up to put together Verizon’s annual top-notch security report, “2010 Data Breach Investigations.” This document is regarded by professionals in the industry as the single most important IS report that comes out all year, and this year’s did not disappoint. The report highlights a number of recent malware trends and security suggestions that fit directly with Umbra Data’s Dark Side Intelligence botnet mitigation solution.

What commonalities exist?

First is a graph (page 3) that asks, “what commonalities exist?” The image illustrates that 61% of data breaches are discovered by a third party. This statistic demonstrates an insane level of reliance on third parties, such as credit card fraud detection departments, to be responsible for our protection. A second figure in the same graph reveals that 96% of breaches are avoidable through simple or intermediate controls!

What are the threat action categories/functionalities?

The report also includes the threat action categories by percentage of breaches (page 20). Malware and hacking are the top two. Malware was shown to be the fastest increasing threat, rising from 23% in 2008 to 38% in 2010. Additionally, 94% of records are extracted due to malware. Both issues can be addressed largely by the implementation of Dark Side Intelligence. There is a graph (page 24) that shows the different malware functionalities. Approximately 2/3 of all data breaches are carried out using backdoor trojans, keylogger/spyware, and sending data to an external site/entity. With the application of the Umbra Data solution, users can eliminate these risks by cutting off the communication to the Command and Control (C&C) servers and rendering the top 3 violations harmless.

Verizon’s Suggestions

There is also a list of suggestions (page 3), “where should mitigation efforts be focused?” Three out of seven items on the list are: “ensure essential controls are met, … filter outbound traffic, … and monitor and mine event logs.” Umbra Data incorporates all of these suggestions into the botnet solution. Their product provides the detail that is needed to establish/enforce policy and conduct that level of monitoring.

Umbra Data’s Solution

By deploying the mitigation solution, instead of third parties notifying you of a data breach problem, you would be directly notified when your system is communicating with botnet C&C servers. The solution also addresses the more automated methodologies that hackers use today. By using Dark Side Intelligence data, your operations center can be very quickly notified about inappropriate traffic, and your policy could potentially be set to block that traffic and mitigate the effects of an otherwise successful break-in. Malware as a trend, in general, is increasing and will continue to do so until a viable solution is administered.
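The "filter outbound traffic" and "monitor and mine event logs" suggestions can be combined in a few lines of log analysis. The following is an added example, not part of the original post and not Umbra Data's product or feed: it matches egress firewall records against a C&C indicator list and separates hosts whose traffic got out from hosts whose traffic was already blocked. The log format, the feed format, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed indicator feed (documentation address ranges, not real C&C hosts).
CNC_FEED = ["203.0.113.0/28", "198.51.100.77/32"]

# Constructed egress firewall log: timestamp, source, destination, port, action.
EGRESS_LOG = """\
2010-08-02T09:14:03 10.0.4.21 203.0.113.5 443 ALLOW
2010-08-02T09:14:09 10.0.4.21 192.0.2.10 80 ALLOW
2010-08-02T09:15:41 10.0.7.3 198.51.100.77 6667 DENY
2010-08-02T09:19:03 10.0.4.21 203.0.113.5 443 ALLOW
malformed line
2010-08-02T09:20:00 10.0.9.9 not-an-ip 53 ALLOW
"""

def find_cnc_contacts(log_text, feed):
    """Return {internal_host: {"ALLOW": [...], "DENY": [...]}} for feed matches."""
    networks = [ipaddress.ip_network(entry, strict=False) for entry in feed]
    hits = defaultdict(lambda: {"ALLOW": [], "DENY": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] not in ("ALLOW", "DENY"):
            continue  # skip records that do not fit the assumed format
        ts, src, dst, port, action = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue  # unparseable destination or port
        if any(dst_ip in net for net in networks):
            hits[src][action].append((ts, dst, port_no))
    return dict(hits)

def triage(hits):
    """Allowed C&C contact: alert and block. Denied only: the filter held,
    but the host still tried to reach a C&C address and needs investigation."""
    report = {}
    for host, by_action in hits.items():
        verdict = "ALERT_AND_BLOCK" if by_action["ALLOW"] else "INVESTIGATE_HOST"
        records = by_action["ALLOW"] or by_action["DENY"]
        report[host] = (verdict, sorted({dst for _, dst, _ in records}))
    return report

if __name__ == "__main__":
    contacts = find_cnc_contacts(EGRESS_LOG, CNC_FEED)
    for host, (verdict, dests) in sorted(triage(contacts).items()):
        print(host, verdict, ", ".join(dests))
```
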

- Marc 
