“Many organizations lack the right staff size or skills necessary to address malware threats, but given their current workload and the information security skills shortage, it is unlikely they can fill this void quickly,” Oltsik said in his report.
Sixty-two percent of those surveyed believe their host-based security software is not effective for detecting zero-day attacks and other malware designed to bypass the software and remain stealthy on systems.
Security professionals should become intimately familiar with these phases so they can implement appropriate security controls for each phase and recognize anomalous behavior that may be associated with one or many phases of an attack.”
In addition, the survey found that 42 percent of organizations are testing or implementing security technologies that use sandboxing technology, virtual environments where files are quickly analyzed before being passed on to the end user.
About 39 percent of those surveyed said a group of security analysts dedicated to malware intelligence and analysis was created at their organization.
“While security professionals understand the basic concepts about malware, the [Enterprise Strategy Group] research indicates that a large number are unfamiliar with advanced malware properties.
Link: http://www.crn.com/news/security/240158935/sophisticated-malware-is-stumping-security-pros.htm