“Last month, our IT and information assets generated $20 million in revenue in support of 15,000 people using 350 applications. To accomplish this feat, over 32 million connections were attempted across our systems and we applied specific control measures an average of 2.4 times per connection to ensure the completeness and accuracy of our transactions. As a result, over 4 million connections were blocked instantly for not meeting our basic requirements (with a 99.75 percent success rate) and we identified 1,700 suspect connections that required further analysis. We ultimately determined that five of those 1,700 were attempted intrusions which we subsequently acted upon according to established procedures. There were no losses associated with the incidents.”
“Last month’s activity has brought to light some opportunities for improvement. We revisited our policies associated with the 4 million blocked connections and determined that approximately 10,000 (0.25 percent) should have been allowed, and we made a configuration change to address the issue. In addition, the policy associated with the 1,695 initially suspected connections was evaluated and changes to our security posture were made that should reduce these false positives by 50 percent. To address the 5 incidents, we have instituted remedial training for the individuals involved and instrumented the affected systems with new means for intrusion detection.”
Read more in my article at CSOonline.com.