
Manual detection of malware activity is ‘impossible’

An average company’s network generates about 10,000 security events per day, while the active ones generate around 150,000 events, which could mask a targeted attack.

By CBR Staff Writer

Dealing with IT threats manually could be impossible, with companies' networks generating an avalanche of security events that could be associated with malware behaviour, a new report has warned.

According to the report from threat detection solution provider Damballa, an average company's network generates about 10,000 security events per day, while the more active networks generate around 150,000 events per day, a volume that could mask a targeted attack.

A large, globally-dispersed company will report 97 active infected devices each day and leak an aggregate average of more than 10GB of data.

As hackers unleash an avalanche of anomalous traffic to mask targeted attacks, it could be impossible for security staff to go through the huge number of incidents or alerts to find out which is the real threat.

Damballa CTO Brian Foster said there is already a shortage of skilled security professionals, which the latest Frost & Sullivan figures estimate will equate to a 47% shortfall by 2017.

Foster said: "If we compound this fact with the increase in data breaches and the scope of work required to identify a genuine infection from the deluge of security events hitting businesses every day, we can see why security staff are struggling to cope.


"Automated incident detection is an important part of the solution to free valuable security staff from the labor-intensive task of sifting through false-positives, to focus on the more important issues of speedy remediation and threat mitigation."

Malicious threat actors often use advanced techniques such as Domain Generation Algorithms (DGA) to generate vast quantities of random domain names to avoid prevention controls and delay identification of actual infections.

In order to remediate them, security staff are required to go through thousands of anomalous domains to locate the IP address that carries the real payload, which could be impossible to do manually.
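The article describes the DGA noise only in prose; the following is an added example, not code from Damballa or the article, of the kind of automated first pass it argues for: a heuristic that flags hosts making clusters of failed lookups for random-looking names, so an analyst starts from a handful of hosts rather than thousands of domains. The log format, thresholds and sample lines are constructed assumptions.

```python
"""Flag hosts whose failed DNS lookups look like DGA output (constructed sample data)."""
import math
import re
from collections import Counter, defaultdict

# Constructed sample of DNS query log lines: "<client host> <queried domain> <rcode>".
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 cdn.example.net NOERROR
10.0.0.9 xk3j9qwv0plmzt.com NXDOMAIN
10.0.0.9 pq7vzr1kd0wnh2.net NXDOMAIN
10.0.0.9 mzb8tq2xlyv4cj.org NXDOMAIN
10.0.0.9 updates.vendor-example.com NOERROR
10.0.0.9 w2n9ptrxq5lbvc.info NXDOMAIN
"""

VOWELS = set("aeiou")


def shannon_entropy(text):
    """Bits of entropy per character; random labels score high, dictionary words low."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(domain):
    """Return the registrable label, e.g. 'example' for 'www.example.com'."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(domain, entropy_threshold=3.0, max_vowel_ratio=0.3):
    """Heuristic only: long, high-entropy, vowel-poor labels are DGA-like (thresholds assumed)."""
    label = second_level_label(domain)
    if len(label) < 8 or not re.fullmatch(r"[a-z0-9-]+", label):
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= entropy_threshold and vowel_ratio <= max_vowel_ratio


def suspicious_hosts(log_text, min_hits=3):
    """Map host -> DGA-like NXDOMAIN lookups, keeping only hosts with at least min_hits.

    Requiring several failed lookups per host is what separates a DGA beacon
    (many misses before the live domain resolves) from a single odd query.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        host, domain, rcode = line.split()
        if rcode == "NXDOMAIN" and looks_generated(domain):
            hits[host].append(domain)
    return {host: domains for host, domains in hits.items() if len(domains) >= min_hits}
```

Thresholds like these trade false positives against misses, so in practice they are tuned against the organisation's own resolver logs and combined with other evidence rather than used alone.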

In a test conducted by Damballa Labs, in which 'dirty' network traffic was replayed through more than 1,200 simulated endpoints, 538 pieces of evidence were collected and correlated for each actual infection, a workload that is nearly impossible to handle manually.
