rwt-as logo
Story image

Networks shrouded in lack of visibility - SANS Institute report

23 Apr 2020

A new report from the SANS Institute and ExtraHop has found that network visibility – specifically the lack of it – poses a high or very high risk to organisations worldwide – and many are worried about the risks that remote working is bringing to their business.

The 2020 SANS Network Visibility and Threat Detection Survey polled 213 respondents representing organisations with at least 1000 employees.

Of those respondents, more than 64% indicated that they had experienced at least one successful compromise over the last 12 months.

Close to half (44%) of respondents noted that employee desktops, now popular in remote working environments, may be the most likely attack vector. 

“Traditionally this judgment is a smart choice—humans are fallible—and we know attackers frequently target employee workstations as the initial point of entry. Cloud-based systems (40%), on-premises physical servers (35%) and virtual servers (35%) are perceived as the next riskiest groups,” the report notes.

More than half (59%) of respondents believe that a lack of network visibility poses high or very high risks to their organisation. Furthermore, 98% are concerned about their ability to see encrypted traffic – as only 12.4% stated 75-100% of their internal network traffic is encrypted.

More than half of respondents (52%) claim high visibility into traffic entering and leaving their network (north–south traffic), only 17% claim the same level of visibility into traffic moving within their networks (east–west traffic).

“For these organisations, the challenge is being able to see inside traffic to know whether there is a malicious payload in that encrypted data,” the report notes.

Other issues include physical devices – virtualised and physical servers, employer-owned devices, cloud servers, employee mobile devices, and network devices such as routers and firewalls.

Cloud servers and systems were ranked as a security concern for 40% of respondents.

ExtraHop SVP of marketing Bryce Hein says that network visibility has never been more critical.

"Organisations need to be able to see into east-west traffic to identify threats in the growing number of cloud workloads, as well as get visibility into which devices are accessing enterprise resources. The fewer tools, less time, and less friction required to get that visibility, the better.”

"Choose tools that use machine learning to provide improved analytics for access to the right data in less time," says report author Ian Reynolds. "This might assist in meeting staffing concerns and provide faster resolution of unexpected behaviours, threats and incidents."
 

Story image
Report: 151% increase in DDoS attacks compared to 2019
It comes as the security risk profile for organisations around the world increased in large part thanks to the COVID-19 pandemic, forcing greater reliance on cloud technology and thrusting digital laggards into quick and unsecured migrations.More
Story image
HPE launches new storage solution for SMEs
Hewlett Packard Enterprise has unveiled the next generation of its HPE Modular Smart Array (MSA), HPE MSA Gen 6.More
Story image
Acronis announces new security endpoint solution
The solution is an integration of data protection and cybersecurity which provides customers with effective endpoint protection in a landscape where the pointlessness of perimeter security is becoming more pronounced.More
Story image
Remote working brings benefits to businesses, but it's not without its challenges
"Now, its time to reflect and analyse this, to see what positive patterns have arisen that we need to reinforce and what negative patterns we see, that need to be changed."More
Story image
4 ways cloud ERP helps organisations build resilience and agility
Cloud-based enterprise resource planning (ERP) has become a sure-fire way to build business resilience through its timely and accurate insights into operations, and ability to adapt to the needs of the business. More
Story image
Report: Rushing into cloud migration directly related to security issues
A new report from Radware highlights the impact of COVID-19 on organisations compelled to digitally transform in order to maintain business continuity. More