A new study by security firm Tripwire says IT security experts are very confident they can detect a breach, and that they can detect it quite fast. For automated tools, they do not share the same levels of confidence.
The survey questioned 763 IT professionals in various verticals, including retail, energy, financial services and public sector organizations in the US, about the seven key security controls that need to be in place in order to quickly spot an ongoing hack attack.
The seven key controls, which are required by security regulators, are PCI DSS, SOX, NERC CIP, MAS TRM, NIST 800-53 and IRS 1075. These controls also align with US-CERT recommendations and international guidance such as the Australian Signals Directorate’s Strategies to Mitigate Targeted Cyber Intrusions.
The company said the majority of respondents answered with confidence, saying they could detect a data breach. However, they weren’t sure how long it would take automated tools to discover some of the key indicators.
The key question revolved around the detection of unauthorized configuration changes, as that is, according to Tripwire, the "hallmark of malicious covert activity".
When asked how long it would take automated tools to detect unauthorized configuration changes to an endpoint on the organization’s network, 67 percent could not be precise or did not use such tools at all. Still, 71 percent said it would take minutes, or hours at worst, to detect a configuration change to an endpoint on the organization’s network.
"All of these results fall into the 'we can do that, but I’m not sure how long it takes' category", said Tim Erlin, director of IT security and risk strategy for Tripwire. "It’s good news that most organizations are investing in basic security controls; however, IT managers and executives, who don’t have visibility into the time it takes to identify unauthorized changes and devices, are missing key information that’s necessary to defend themselves against cyber-attacks".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.
Photo Credit: elwynn/Shutterstock
Continue reading...