**This post was originally published on Verizon Enterprise, here.
There’s no sign that the explosion in the volume of cyberattacks that plagued many industries in 2012 will stop – there is no reason for it to stop either. The 2013 Data Breach Investigations Report (DBIR) makes revealing observations about the new cyberthreat landscape:
- Breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity;
- There’s a striking correlation between threat actor motives and the variety of data compromised;
- Some interpret attack difficulty as synonymous with the skill of the attacker, and while there’s some truth to that, it almost certainly reveals much more about the skill and readiness of the defender.
In 2012, companies of all sizes were targeted with only a few of the breaches making headlines in the media. One should expect that the actual volume of breaches was much higher than what was made public.
Various researchers have been shedding light on the new nature of these attacks. The DBIR highlights that 6 percent of breaches remained undiscovered for months or more. In its "Modern Malware Review", Palo Alto Networks reports that 5 percent of observed malware behaviors focused on evading security or analysis. Additionally, attempting a long sleep to avoid analysis was the most common malware behavior overall. Because they’re targeted, and use more a sophisticated approach over a lengthy period of time to achieve their goals, today’s serious attacks are often referred to as "Advanced Persistent Threats" or "APT".
While security vendors have introduced solutions to address this new form of attacks, many of them have simply overlooked one key aspect of the new security predicament: the sheer volume of attacks.
Security teams need to be equipped with tools that can not only prevent attacks and APTs, but are also sufficiently automated to deal with their rising volume. IT teams initially deployed firewalls to secure access to specific ports. Over the years, as their network infrastructure became more complex and malware more common they bolted more security tools on to their infrastructure. The result is a highly fragmented security portfolio that is impossible to manage, does not scale and has turned security into a business impediment.
Innovative solutions promoting a new approach to network security have emerged such as Palo Alto Networks next-generation firewalls, which deliver all major security functions natively within the firewall. This naturally enables security teams to identify, investigate and stop suspicious traffic in a much more efficient way. It provides a full view of all relevant information, including which application, user, or content are impacted, so that needed actions can be taken immediately. If you’re interested in learning more about the why and how of Next-Generation Firewalls feel free to download the 2013 Gartner Magic Quadrant from Enterprise Firewalls.