176 new cyber-threats detected every minute: report
Critical challenges threatening intelligent sharing are rising at a fast pace. A new report by McAfee reveals that 176 cyber threats (almost three every second), 88 per cent ransomware growth and 99 per cent mobile malware growth had been detected by the end of 2016.
The report further details the challenges facing threat intelligence sharing efforts, probes the architecture and inner works of Mirai botnets, assesses reported attacks across industries and reveals growth trends in malware, ransomware, mobile malware and other threats in Q6, 2016.
“The security industry faces critical challenges in our efforts to share threat intelligence between entities, among vendor solutions, and even within vendor portfolios,” said Vincent Weafer, Vice President of McAfee Labs. “Working together is power. Addressing these challenges will determine the effectiveness of cybersecurity teams to automate detection and orchestrate responses, and ultimately tip the cybersecurity balance in favor of defenders.”
The report goes on to review the background and drivers of threat intelligence sharing; various threat intelligence components, sources, and sharing models; how mature security operations can use shared data; and critical sharing challenges that the industry must overcome. Those challenges include:
Volume: A massive signal-to-noise problem continues to plague defenders trying to triage, process, and act on the highest-priority security incidents.
Validation: Attackers may file false threat reports to mislead or overwhelm threat intelligence systems, and data from legitimate sources can be tampered with if poorly handled.
Quality: If vendors focus just on gathering and sharing more threat data, there is a risk that much of it will be duplicative, wasting valuable time and effort. Sensors must capture richer data to help identify key structural elements of persistent attacks.
Speed: Intelligence received too late to prevent an attack is still valuable, but only for the cleanup process. Security sensors and systems must share threat intelligence in near real time to match attack speeds.
Correlation: The failure to identify relevant patterns and key data points in threat data makes it impossible to turn data into intelligence and then into knowledge that can inform and direct security operations teams.
To move threat intelligence sharing to the next level of efficiency and effectiveness, McAfee Labs suggests focusing on three areas:
Triage and prioritization: Simplify event triage and provide a better environment for security practitioners to investigate high-priority threats.
Connecting the dots: Establish relationships between indicators of compromise so that threat hunters can understand their connections to attack campaigns.
Better sharing models: Improve ways to share threat intelligence between our own products and with other vendors.
“Increasingly sophisticated attackers are evading discrete defense systems, and siloed systems let in threats that have been stopped elsewhere because they do not share information,” Weafer continued. “Threat intelligence sharing enables us to learn from each other’s experiences, gaining insight based on multiple attributes that build a more complete picture of the context of cyber events.”