Common Gaps in Network Security Strategies

Conventional security practices are becoming less effective. Security solutions such as antivirus, encryption, data leakage prevention, patch management, and vulnerability assessment assume that all endpoints on the network are well-managed, contain up-to-date and working security agents, and all remain static on the network (not transient).

These are problematic assumptions given today’s reality of Bring Your Own Device (BYOD), the fast growing number of Internet of Things (IoT)-devices, and the mobile computing requirements demanded by your increasingly mobile workforce.

Frost & Sullivan on behalf of Forescout conducted a survey¹ and the results were shocking!

The Network Visibility Survey

The survey asked IT and security professionals at 400 large corporations located in the US, UK and Germany questions about security breaches and the efficacy of certain network security tools.

Key findings are:

72% of the company networks had five or more security incidents in the last 12 months. This is a five times increase compared to a similar survey conducted 18 months earlier with IDG ³.
Five security incidents in a year is significant, incurring a high security risk, potential brand damage and high associated cost (according to the Ponemon Institute, the average annualized cost linked to cybercrime is 7.7 M$ for large corporations².
Surprisingly, managed end-user computers are the main entry point for hackers. BYOD- and IoT-devices, as well as managed servers, are important additional entry points to corporate networks that need to be addressed.
27-37% of the respondents had low confidence in the operational capabilities of installed agents at corporate managed computers – representing a huge gap in each company’s security attack surface.
Current network security technologies tend to work as silos. Vulnerability Assessment tools, Firewalls, Network Intrusion Prevention, Advanced Threat Detection, SIEM, Mobile Device Management, Endpoint Protection, Patch and Configuration Management appliances, all suffer from “significant” blind spots.
The increasing complexity of network and information security burdens security teams that are already overtaxed. Most organizations report that they have not enough skilled security employees; as a result 50-70% of the respondents would embrace automated controls.

Please click here to view the complete survey, demonstrating that no network component is truly secure.

If you can’t see it, you can’t control it.

A foundational element of network security is knowing what is on the network, and how each infrastructure device and endpoint is related. The Frost & Sullivan Network Visibility survey shows that organizations lack true visibility to the devices connecting to their networks and the state they are in. BYOD, IoT and other transient devices have changed the game in terms of network exposure. Today’s security best practices should include:

Agentless endpoint identification, to be able to see the (broken) managed endpoints, BYOD and IoT devices connected to your network.
Automated, policy-based controls to respond immediately to security incidents, release time for your overloaded security staff, enforce compliancy and reduce operational costs.
Platform integration – share information to enhance your existing security systems and optimize the investments done.

Conclusion

Companies need to see what’s connected to their network, including all managed and unmanaged devices. They need automated tools to help overstretched security teams and also need orchestration to share information between their numerous different security appliances. Forescout can assist with all of these aspects.

References:

Continuous Monitoring and Threat Mitigation with Next-generation NAC – A Frost & Sullivan White Paper, March 2016
IDG – State of the IT Cyber Defense Maturity – July 2014