CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Incident Response

Enterprises Generate 10,000 Security Events Per Day on Average: Report

According to a new report provided by threat protection vendor Damballa, the devices in an average company’s network are generating an average of 10,000 security events per day, with the most active generating roughly 150,000 events per day.

According to a new report provided by threat protection vendor Damballa, the devices in an average company’s network are generating an average of 10,000 security events per day, with the most active generating roughly 150,000 events per day.

Compiled from analysis of 50% of North American ISP Internet traffic and 33% of mobile traffic, along with large volumes of traffic from global ISPs and enterprise customers, the report found that large, globally dispersed enterprises were averaging 97 active infected devices per day and leaking an aggregate average of more than 10GB of data per day.

“Such figures illustrate how daunting it is for security staff to manually trawl through mountains of alerts in order to discover which (if any) constitute a real and present threat,” the Damballa explained in its Q1 2014 State of Infections Report (PDF).

Putting some other security statistics into perspective, the Pentagon reportedly experiences 10 million “cyber break-in attempts” per day, while energy giant BP said last year that it suffers 50,000 cyber-intrusion attempts each day. 

These statistics also highlight the daunting task security teams responsible for manually analyzing huge volumes of security events are faced with, and shed light on why attacks often go undetected for so long.  

“Advanced techniques such as Domain Generation Algorithms (DGA), used by threat actors to generate vast quantities of random domain names, can evade prevention controls and delay identification of actual infections,” Damballa explained. “These techniques require security teams to wade through thousands of anomalous IP domains in order to find the IP address that carries the real payload.”

“We are already facing a profound scarcity of skilled security professionals, which the latest Frost & Sullivan figures estimate will equate to a 47% shortfall by 2017,” said Brian Foster, CTO of Damballa, “If we compound this fact with the increase in data breaches and the scope of work required to identify a genuine infection from the deluge of security events hitting businesses every day, we can see why security staff are struggling to cope.”

According to a recent jobs study from Burning Glass Technologies, demand for cyber-security professionals remained high in 2013. Burning Glass identified 209,749 national postings for cyber-security jobs in 2013, and determined that the average salary for a cyber-security posting was $93,028, according to the report, which was compiled by reviewing job postings across 32,000 online sites daily.

Advertisement. Scroll to continue reading.

“Automated incident detection is an important part of the solution to free valuable security staff from the labor-intensive task of sifting through false-positives, to focus on the more important issues of speedy remediation and threat mitigation,” Foster added.

As SecurityWeek columnist Chris Hinkley noted in a recent column, high-end department store Neiman Marcus, which recently experienced a significant data breach, was reportedly warned over and over by roughly 60,000 alerts triggered in its own security system, but the warning signs went unnoticed. 

“The most advanced technology in the world is only as good as the people and systems behind it,” Hinkley wrote. “Otherwise your sophisticated security device is nothing more than a paperweight. If you’re using self-detection devices to guard perimeter security and network security, for example, your devices inspect your systems, compile logs of activity and alert you when something is anomalous. But your organization still needs a skilled and diligent team to monitor and analyze those events, draw correlations and react appropriately.”

According to a report from Ponemon Institute, it takes companies an average of nearly three months to discover a malicious breach and four months or longer to resolve it.

“The ability to reduce the time-to-discovery from 90 days to 1 day, across those 97 infected devices, would result in a savings of 89 man-days per device, or 8,633 man-days (23.65 years) per enterprise,” Damballa said. “Not only is this a tremendous saving in time, but it significantly shrinks the window of when an enterprise is vulnerable to that particular attack.”

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.