By Neil J. Rubenking
May 14, 2014 8:07 AM EST

The first quarter of this year was filled to bursting with news stories about data breaches. The numbers were alarming—40 million or more Target customers affected, for example. But the duration of some breaches also came as a shocker. Neiman Marcus's systems were wide open for three months, and the Michael's breach, which started in May of 2013, wasn't discovered until this January. So, are their security guys total lamers? A recent report from breach recovery provider Damballa suggests that's not necessarily true.

The report points out that the volume of alerts is huge, and it typically takes a human analyst to determine whether or not the alert actually signifies an infected device. Treating every alert as an infection would be ridiculous, but taking time for analysis gives the bad guys time to act. Worse, by the time analysis is complete the infection may have moved on. In particular, it may be using a completely different URL to get instructions and exfiltrate data.
Full Article
Interesting article.
Indeed, and you can imagine what it must be like for the Webroot Threat Researchers and what they have to review & consider every day... no pressure then, eh?
It gives them something to do though, doesn't it? :D
Seriously though, it is quite a job keeping up with everything.