Survey: Most Networks are Unprepared for Quick Response

Solera Networks and Trusted Strategies conducted a survey on network forensics. Over 200 individuals participated in the survey. All belonged to organizations with at least 1,000 network nodes and either managed or were directly involved in the maintenance of their organization's computer networks.
Highlights of the findings include:
- More than 85 percent have had a major network incident in the past 36 months or expect to have one in the coming 36 months
- Over 75 percent agreed that a major security incident has a significant impact on the company's brand and reputation
- Nearly half say that when an attack occurs, it can take two to 10 or more days to determine the full scope of the incident
- Ninety-two (92) percent believe that it is important to have network forensics capabilities that can capture and record all network traffic; however, only 28 percent were very familiar with network forensic solutions
- Seventy-six (76) percent feel that they need to do more and that their organization would benefit from more incident response tools
- Forty-four (44) percent say they spend less than 25 percent of their overall security budget on incident response
- Twenty-four (24) percent don't have an effective incident response plan in place
Comments from survey respondents:
"Depending on the extent and complexity of a network security breach, pinning down exactly what happened and the full ramifications can take weeks - if it can be determined at all. In many cases it's literally impossible to learn the details of an intrusion and the full extent of the damages. The data just isn't there."
- Andrew Nielsen, Chief Security Officer at SINET
"Only a fraction of our network security budget is set aside for incident response. However, we've seen a trend during the last few years where we are spending more on response than we've allocated. We need to rethink our budget allocation and probably spend more on response."
- Jim Finley, former Deputy Under Secretary of Defense for Acquisition and Technology
"You can only protect against threats you know, and you can't know all of them. That's why you need to be able to respond to breaches swiftly and effectively by doing root cause analysis. It's not enough to know that a machine is compromised; it's vital to know how it was subverted so you can fix the network and prevent a recurrence. Complete and irrefutable evidence of the event is essential in dealing with law enforcement, litigation, and regulatory compliance."
- John Bedrick, former senior security officer at Seagate, Microsoft, Intel
"My experience across intelligence collection, military operations, and law enforcement forensics leads me to believe that every company is at risk, and that preventative measures alone do not adequately protect against the cyber threat. Management needs to understand that mounting an effective response to an attack requires real-time knowledge of what is happening across their networks. The industry needs the tools to help us do that quickly."
- Ray Owen, defense/intelligence cybersecurity executive and advisor
