Lancope, a network visibility and security intelligence specialist, has released a survey indicating that many enterprises possess an unrealistic confidence surrounding the security of their networks.
According to the survey, more than 65% of IT/security professionals did not think, or were unsure whether, they had experienced any security incidents within the last 12-18 months.
According to Lancope’s director of security research, Tom Cross, this scenario is not likely. "Any system you connect to the Internet is going to be targeted by attackers very quickly thereafter," he said. "I would assert that if you’re unsure whether or not your organisation has had a security incident, the chances are very high that the answer is yes."
The survey also revealed that 38% believe recent security incidents had no impact on their organisation. According to Cross, "even the most basic malware infection has some financial cost to the organisation, even if it’s just the cost to clean infected machines. Not to mention the additional serious consequences that can result from a breach, including data loss, customer distrust, regulatory fines and many others."
Nearly 18% of respondents did admit to recently suffering from malware, and 16% said they had been the victim of distributed denial-of-service (DDoS) attacks. It is possible that many of these organisations have also suffered from other, more stealthy attacks and are just not aware. Insider threats, for example, can be difficult to detect because attackers have authorised access to the data they are looking to steal. Advanced, external attackers can also fly under the radar by constructing attacks that are likely to evade commonplace network security solutions.
Organisations were more realistic when evaluating the potential risk of insider threats to their infrastructure, with 32% naming it as one of the greatest risks. However, this concern was far overshadowed by fears associated with BYOD and mobile devices, coming in at over 50%. Because traditional security strategies cannot be easily applied to employee-owned assets, enterprise security professionals suffer from a lack of network visibility when it comes to mobile devices. This blind spot is obvious; but what about the blind spots that organisations don’t realise they have?
Areas of blind spots within the typical enterprise are many, including applications, network traffic, network devices, user activity, virtualised appliances and data centres, to name a few. Lancope was encouraged to also see "lack of visibility" top the list of greatest risks identified by survey participants, as well as "monitoring user activity" designated as a key challenge. Technologies like NetFlow can provide the much-needed visibility that many organizations currently lack.
Lancope’s StealthWatch System collects and analyzes NetFlow and other flow data from existing infrastructure to provide a complete picture of everything going on across the network. This pervasive visibility enables organisations to quickly identify and address anomalies in network and user behaviour that could signify a potential security risk. Not relying on signature updates to detect attacks, StealthWatch can identify a wide range of security issues within the network, including advanced attacks such as zero-day malware, APTs and insider threats.
"Organisations need to make sure that, when faced with the inevitable, they can identify an incident as quickly as possible," said Cross. "With new attacks making headlines on a nearly weekly basis, it’s time for organisations to take a more strategic, holistic approach when it comes to network security."