The FireEye system could have been configured to automatically remove the threat, but apparently because the software was new and untested at Target, the feature wasn't activated.
Such incidents show why IT operations can't depend on technology alone to secure business networks, said Gartner analyst Avivah Litan. Companies also need strong security polices and processes for managing systems — and for dealing with alerts, she said.
"In this case, Target apparently fell short on process and policies — they had the technology piece down," Litan noted.
She added Target's response is typical for large organizations. "In fact, I have heard several times and from several sources that in the case of each large breach over the past few years, the alarms and alerts went off but no one paid attention to them."
Sign up for MIS Asia eNewsletters.