Verizon’s recent release of the 2014 Data Breach Investigations Report (DBIR) provided its usual valuable insights into the state and scale of cyberattacks. But those of us who spend our waking hours enhancing and fine-tuning cybersecurity defense tend to watch for one measurement in particular in such reports: the breach discovery gap.
The breach discovery gap is the time it takes IT security practitioners to discover a data breach after they have been breached by a cyberattack. As an industry, we strive to constantly improve the detection capabilities of our products to stop attacks before breaches occur or, when they aren’t stopped, to narrow the breach discovery gap to zero. Ideally, the enterprise’s security infrastructure detects attacks in progress, immediately alerts enterprise security teams, and takes steps to mitigate and deflect the attack.
Unfortunately, Verizon’s research showed that more than 90% of attacks are successful in a day or less, but attacks are discovered in a day or less only 25% of the time. Further, this breach discovery gap actually widened in 2013.
Stopping attacks before they breach and narrowing the breach discovery gap requires the ability to detect threats at multiple points of attack across the enterprise. High cross-product detection effectiveness stops more attacks before they breach and shortens time to breach discovery and containment. It reduces false positives, which frees up IT security practitioners to focus on real issues, in-progress or imminent.
By reducing the time criminals have to operate, superior malware and threat detection reduces theft of intellectual property and customer data. It also reduces remediation costs, business risk, and the potential damage done to reputation, financial prospects, and operations.
In the first quarter of 2014, third-party testing organizations AV-TEST Institute and NSS Labs gave McAfee endpoint security, network security, and mobile security products premium grades for detection effectiveness.
- Consumer endpoint security. McAfee received our highest-ever protection score and overall ranking in the AV-TEST Consumer Endpoint test, and the highest malware block rate and top ranking in the NSS Labs Consumer EPP Comparative Analysis Socially Engineered Malware test.
- Enterprise endpoint security. We achieved our highest-ever overall score in the AV-TEST Enterprise Endpoint test, and the highest malware block rate and top ranking in the NSS Labs Enterprise EPP Comparative Analysis Socially Engineered Malware test.
- Data center IPS. McAfee’s data center intrusion prevention systems scored highest in their class for security effectiveness and earned a top ranking in the NSS Labs Data Center IPS Comparative Analysis Security Value Map (SVM).
- Mobile security. McAfee scored a perfect 6 for protection, and a perfect 13 score overall in the AV-TEST Mobile test.
A summary, bringing together all these great results, is available here.
McAfee has invested heavily to integrate its products within the Security Connected platform, allowing them to exchange real-time data on in-progress attacks, learn from external intelligence sources (such as McAfee’s cloud-based Global Threat Intelligence service), and become stronger with each attack in a way similar to that of an immune system strengthening itself with each disease it fights off.
Ultimately, there are as many optimal security strategies as there are enterprises, but detection effectiveness is truly the foundation of every one of them.