Seculert Emphasizes Visibility for Security Executives [Product Update]

Through a new dashboard, IT executives can gain visibility into the cyber threats successfully targeting their organization and benchmark the effectiveness of their response processes.

A single dashboard brings together analysis of attack magnitude and of incident response rate and time. It compares your response performance to that of similar organizations, and compares your prevention rate with stats Seculert collects about other gateway vendors.

The metrics are derived from analysis over time of egress logs from the customer's own web gateways and from crowdsourced analysis of logs from multiple organizations and gateway vendors.

The dashboard can display statistics for different time periods.

In the report, ‘Key Findings’ provides a snapshot of the extent of malware attacks and how well they were contained.

In the example, Seculert identified 572 infections, 17,000 malicious communications, and 260 gigabytes of exfiltrated data.

The longest infection lasted 162 days and 59% of infections were 'Allowed Through' to successfully communicate with a C&C host.

‘Incident Analysis’ drills down into malware activity and breaks down incidents according to their state of containment.

In the example, the graph shows the number of infected assets over time (orange) and the number of assets sending malicious communications (gray).

The pie chart shows that in 17.5% of incidents, malware was able to communicate with a malicious Command and Control host (red).

In an additional 40.7% of incidents, malicious communication was eventually contained, either by being blocked by the gateway or by being remediated (orange).

In the remaining 41.8% of incidents, malicious communication was blocked by the web gateway from the first attempt.

‘Incident Response Benchmarks’ displays an organization’s incident response, compares it to similar companies, and compares the performance of different secure web gateways.

In the example, on average 19 incidents were remediated per week. An incident is considered remediated if the security operator reported the incident as Closed, or if the incident expired (after 8 days of inactivity of malicious communications) and has not been seen since.

‘Infected Asset Remediation’ shows the number of 'Open' (non-remediated) incident cases (orange) and the number of incidents remediated (blue) over time.

‘Infection Days’ shows the distribution of incident length until remediation and compares it to other companies. For instance, 72% of incidents were remediated in less than 5 days.

‘Infection Rates’ compares the proportion of infected assets in the network with that of other Seculert customers.

‘Gateway Prevention Performance’ compares the proportion of infected assets that were 'Allowed Through' (communicated with a C&C) with that of other Secure Web Gateway vendors that Seculert analyzes.

In the above example, during the period of the report, on average 19 infected asset incidents were remediated per week. An incident is considered remediated if the security operator reported the incident as closed, or if the incident expired (after 8 days of inactivity of malicious communications) and has not been seen since. ‘Infected Asset Remediation’ shows the number of 'Open' (non-remediated) incidents on each day (orange) and the number of incidents remediated on each day (blue).

For more information about the new Executive Report, log in to the Seculert portal or contact your account manager today.

Nov 10, 2015 12:11:56 PM
