
Attackers Exploit Defensive Gaps

May 16, 2020


dariahiddleston
Transcript

Ineffective Defenses

55% of SecOps quarantine or remove malicious applications as a method

of CISOs report using patching and configuration as a defense, while the others leave holes for the attackers to exploit

40%

of all OpenSSL versions are older than 50 months, potentially exposing crypto keys and passwords

56%

of SecOps report firewall logs are the most common tool to analyze compromised systems, offering limited data and no context

For example, only

No leading method to eliminate causes of security incidents were identified:

Download the 2015 Annual Security Report

Before an Attack

During an Attack

59% After an Attack

Only

of SecOps report leveraging Identity Administration and Provisioning, which means over 50% of organizations lack context to user identity and activity

43% Only

Defenders

Malicious add-ons unwittingly loaded from untrustworthy sources

The likelihood that users in highly targeted industries succumb to Clickfraud and Adware

Users Complicit Enablers

Unpatched browsers are a dominating concern

Percentage of users running latest versions:

64% Google Chrome

10% Microsoft Internet Explorer

2X

Exploit kit activity fell

exploits dropped 34%

88%

Preferred attack vectors:

Attackers Shifting Attack Methods

more prevalent than other types of malware

Add-ons spike in October

250% Malvertising

Downloader

6X SPAM 250% Malicious spam activity back on the rise

Java

Microsoft Internet Explorer

Microsoft Silverlight

Adobe Flash

©2015 Cisco and/or its affiliates. Other company, product and service names may be trademarks or service marks of others.

Once inside, attackers create a persistent, unchecked state of infection in stealth.

Adversaries are committed to continually refining or developing new techniques that evade detection and hide malicious activity. Security teams must adapt their approach to protecting the organization and users from increasingly sophisticated campaigns.

Based on 2014 data

www.cisco.com/go/asr2015

Attackers Exploit Defensive Gaps