NetWitness announces release of survey on growing risks of advanced threats

NetWitness, of Herndon, VA, will announce the release of a new study on July 6 entitled, “Growing Risks on Advanced Threats,” independently conducted by the Ponemon Institute, of Traverse City, MI.

NetWitness, who sponsored the survey, is trying to figure out if there is a good understanding of how deep advanced threats affect U.S. Government agencies. The Ponemon Institute analyzed the answers of 591 IT and IT security practitioners. The evaluated group defined advanced threats as “a methodology employed to evade an organization’s present technical and process countermeasures which relies on a variety of attack techniques as opposed to one specific type.”

The Ponemon Institute conducts research with the purpose of warning the public and private sector against potential threats that might affect personal and confidential information about individuals and organizations. It also provides consulting to private and public sector organizations interested in establishing or enhancing their privacy, data protection, and security practices.

The U.S. Government has a vested interest in reading this report. “People in the IT field say that the current technologies have problems keeping up with the threats,” Edward Schwartz, chief security officer for NetWitness told GSN: Government Security News in an exclusive interview. “How do you justify changes to procurement and training for U.S. Government agencies? They need research and this document will provide them with the views of 600 of their peers.”

One of the first points that came out of this study is that discovering the threats is actually an issue in and of itself. 79 percent of those surveyed disclosed they do not have visibility into these advanced threats. “This is a large number,” Schwartz stressed. “But what is even more interesting is that 90 percent declared that antivirus and intrusion detection systems – which are the most largely used techniques to prevent advanced threats - are not actually detecting these hazards. So basically, the respondents realize they are relying on the wrong techniques.” But in addition to that, three quarters of the respondents also stated that they are not confident in their protection system.

The lack of organization and readiness is the second curious point that came of the study. 76 percent of the surveyed group revealed that advanced threats are not a priority for their organization, and 81 percent believe that their IT department lacks awareness of the issue too. Schwartz highlighted the fact that officers of management and budget have only realized recently how important it is to build situation awareness.

The survey revealed a third thought-provoking point: 65 percent of the respondents stated that it takes between one week and two months to find out that they have been attacked by an advanced threat. “It means that during this time U.S. Government agencies computers are successfully attacked,” explains Schwartz. “Lot of damage can be done in the meantime. Botnets, Trojans and other attacks need to be detected more quickly.”

92 percent of the respondents asserted they need better network and traffic detectors solutions to improve the situation of advanced threats. And a majority advocated that companies hire people better trained against these threats. Therefore, according to Schwartz, this implies that Federal agencies need to focus more on network and traffic analysis, executive level management – especially in information technologies - need to be better educated, and U.S. Government agencies should be careful not to overly rely on existing (ie.: legacy) technologies. Hopefully, this report will help.

To face those dangers, Schwartz calls for a full packet capture solution. “If you have the ability to capture everything that crosses the wire, you are in a better position to prevent attacks,” he explained.

NetWitness offers a full packet capture product called NextGen. This solution is used by 65 percent of cabinet level Federal agencies. NetWitness’ NextGen is a network security monitoring solution that records everything on the network, re-using it multiple times to solve some of the most challenging problems facing organizations today including insider threats, data leakage, malware activity, asset misuse, network anomalies, compliance, and network e-discovery.