Missed FireEye Alerts Reportedly Warned Of Security Lapse At Target


Retail giant Target Corp., still reeling from its massive data security breach late last year, could have avoided the crisis altogether had its security team followed up on alerts generated by a new network security appliance installed months earlier.

The firm's newly installed FireEye network security appliance detected a malware infection in late November. The triggered alert prompted a monitoring team in Bangalore, India, to warn the company's security personnel to investigate a potential incident. Despite the warning, and a second alert triggered by its Symantec endpoint security software, no action was taken, enabling attackers to upload millions of credit and debit cards to a remote server, according to a report in Bloomberg Businessweek.

FireEye partners and other channel solution providers who sell, deploy and maintain network security appliances for their clients say the issue is a basic problem that has plagued organizations for years. Businesses often don't have the resources to handle the wide variety of alerts generated by their systems. Other firms have teams that have followed up on too many false positives, so investigators now want corroborating evidence of a potential problem before taking a look.


"The security industry is so focused on bringing in new tools and new boxes to address long-standing problems that organizations fail to address the basics," said Rick Doten, chief information security officer at Digital Management Inc., a Bethesda, Md.-based mobility solutions provider. "We've had the same kinds of lapses for years because organizations fail to bring in the people and have the right processes in place to address security incidents."

A study issued in February by the Ponemon Institute found that companies often fail to find the budget to add incident responders to the security staff, creating a process gap that can defeat the purpose of new security technologies. Shaq Kahn, CEO of Fremont, Calif.-based security service provider Fortifire, told CRN that while his firm is deploying FireEye and other network security appliances with new capabilities to detect custom malware and other threats, incident response is often an afterthought at organizations. Businesses are often wowed by the alerts detected during a product demonstration, he said.

"This problem has been around forever," Kahn said in a recent interview with CRN. "Breach detection needs some kind of human interaction to follow up on the potential threat."

Minneapolis-based Target is still investigating the massive breach and what could have been done to avoid it. The retailer is said to have a team of at least 300 personnel dedicated to security management at its operations center. It announced plans to launch its own proprietary payment system based on EMV chip card technology in an attempt to thwart future attacks. The company told Wall Street this week that it spent $61 million on expenses related to the breach in its fiscal fourth quarter. Many of the costs, from the breach investigation and legal defense to offering identity theft protection services, were offset by $44 million in insurance receivables, the company said. Meanwhile, sales decreased 2.5 percent in the fourth quarter, the company said.
