IT managers cannot identify 45 percent of their organization’s network traffic, according to security specialists Sophos this morning, who commissioned Vanson Bourne to poll more than 2,700 IT decision makers around the world, including in the UK, Japan, India and Mexico.
“IT professionals have been ‘flying blind’ for too long”, Dan Schiappa, senior vice president and general manager of products at Sophos, said in a release. “Knowing who and what is on your network is becoming increasingly important. This dirty secret can’t be ignored any longer.”
The research also revealed that firewalls are failing to deliver the protection that organisations need, with an average of 16 computers per company being infected each month. Over three quarters (79 percent) of IT managers want better security from their firewalls including both perimeter security and internal protection to stop infections spreading, Sophos said.
“Your firewall is the gateway between your network and the internet. Often it is also the gateway between different parts of your IT environment — for example, your DMZ and servers, various LAN segments, wireless networks, and trusted and untrusted zones. Together with your endpoint protection, it’s an integral pillar of your security infrastructure,” the report said.
Firewall Failure
In terms of repelling attackers, Nuix’s recent survey of white hat penetration testers placed firewalls at rock bottom (5 percent) in terms of repelling attacks; host system hardening yielded the best results; this was followed by intrusion detection and prevention systems at 18 percent and endpoint security at 14 percent.
Perhaps, for that reason, better protection was the #1 desired firewall improvement for almost half of IT managers (48 percent) in Sophos’ survey – encompassing both perimeter security — to keep threats out — as well as internal protection to stop them spreading if they do get in.
Additionally, almost all (99 percent) of organisations looked to artificial intelligence (AI) and automation to solve these issues, stating that it would be useful if a firewall could isolate infections automatically.
Both the lack of visibility and the poor effectiveness of firewalls are down to the fact that the vast majority of conventional firewalls identify applications using signature-based detection, in the same manner that traditional antivirus software works, Sophos’ report authors noted.
“This brings with it the same issues as traditional AV — in this case applications that haven’t previously been encountered and cataloged, simply cannot be seen, and even if they have a signature, many applications go out of their way to alter their networking patterns to evade detection. What’s more, many applications have simply resorted to masquerading as web browsers to avoid control since nearly every firewall enables internet access for web surfing.”
The company claims that its XG Firewall provides better protection through technologies including deep learning, IPS, ATP, Sandboxing, and Dual AV.
See also:
Another Breach Report, Another Plea to Stop Clicking Spearphishing Links
Top 5 Reasons You Should Have Cyber Insurance