Siloed Network Security Leads to 5+ Incidents Per Year
Faced with a lack of security personnel and far too many network “blind spots,” almost three-quarters of Global 2000 companies experienced five or more network-based security incidents in the past 12 months.
Frost & Sullivan's Network Visibility Survey found that 72% of respondents saw that number—mostly driven by attacks on managed devices.
Perhaps predictably, managed end-user computers were the most targeted, with nearly one-third of companies in the US, 19% of companies in the UK and 50% of German companies reporting five or more incidents mounted on PCs and Macs. Managed servers also served as gateways for attack in 27% of companies in the US, 19% of companies in the UK and 36% of German companies.
This sustained offensive against managed devices is leading to low customer confidence in security agents being deployed, the survey added. In fact, 37% of respondents reported they have low confidence in their patch management agents, followed closely by a lack of faith in mobile device management agents (35%), encryption agents (28%) and antivirus agents (27%).
In reality, the problem lies in a persistently siloed approach to network security—and a lack of personnel/automation within the security apparatus. Too many organizations deploy network security technologies in silos, with little or no communication between products and teams, leading to blind spots—and then they don’t have the headcount to adequately deal with the situation manually.
Most companies surveyed said that they have areas within their networks that can't be properly analyzed by their security gear—opening the door for unknown applications, traffic, devices and users to rummage through the corporate network undetected.
“The majority of traditional security tools typically operate as independent silos not designed to interoperate with each other,” the report noted. “Traditional security tools like VA and intrusion detection/intrusion prevention systems (IDS/IPS) have very specific use cases. VA scans end points for configuration errors and exploitability from known vulnerabilities. IDS/IPS sound alarms when a suspected perimeter breach is detected. Perimeter network defenses do each individual element well. However, many of these network defenses do not share contextual information with other peer security tools and don’t provide any native controls for threat mitigation.”
Firewall, vulnerability assessment and ATD products suffered the most from blind spots, followed closely by network intrusion prevention systems, security information and event management, enterprise mobility management and antivirus technologies.
"In today's distributed enterprise, creating a truly secure network, whether managed or unmanaged, requires instant visibility into the devices that are connecting to it, paired with an ability to automate threat responses," said Rob Greer, CMO and SVP of products at ForeScout, which commissioned the survey. "Vulnerable entry points are widespread, and the rise of the Internet of Things (IoT) devices and mobile computing is only increasing the security attack surface. Automation can help security teams orchestrate their technologies to help eliminate network blind spots—giving them true visibility and actionability into their connected devices."
Meanwhile, IT professionals unanimously responded that they would welcome a set of pre-determined security controls within each network security technology to facilitate automation and save critical resources. That's especially true for firewalls (67%), IPS (65%) and antivirus (63%).
"We've confirmed what most people already expect—that no company is truly secure without its security technologies working together. A siloed security approach can create network blind spots that have costly, long-term impacts on business continuity and brand reputation," said Chris Kissel, industry analyst for Network Security Research, at Frost & Sullivan. "Without full network visibility, these attack surfaces will only increase, given the fast-growing number of bring-your-own device (BYOD) and Internet of Things (IoT) devices being connected to corporate networks."
Source: Information Security Magazine