Conventional security practices are becoming less effective. Security solutions such as antivirus, encryption, data leakage prevention, patch management and vulnerability assessment assume that all endpoints on the network are well-managed, contain up-to-date and working security agents, and all remain static on the network (not transient).
These are problematic assumptions given today’s reality of Bring Your Own Device (BYOD), the fast-growing number of Internet of Things (IoT) devices, and the mobile computing requirements demanded by your increasingly mobile workforce.
Frost & Sullivan conducted a survey 1) on behalf of ForeScout and the results were shocking.
The Network Visibility Survey
The survey asked IT and security professionals at 400 large corporations located in the US, UK and Germany questions about security breaches and the efficacy of certain network security tools.
Key findings were:
- 72% of the company networks had five or more security incidents in the last 12 months. This is a fivefold increase compared to a similar survey conducted 18 months earlier with IDG 3). Five security incidents in a year is significant, incurring a high security risk, potential brand damage and high associated cost. According to the Ponemon Institute, the average annualised cost linked to cybercrime is 7.7 M$ for large corporations 2).
- Surprisingly, managed end-user computers are the main entry point for hackers. BYOD and IoT devices, as well as managed servers, are important additional entry points to corporate networks that need to be addressed.
- 27-37% of the respondents had low confidence in the operational capabilities of installed agents on corporate-managed computers – representing a huge gap in each company’s security attack surface.
- Current network security technologies tend to work as silos. Vulnerability Assessment tools, Firewalls, Network Intrusion Prevention, Advanced Threat Detection, SIEM, Mobile Device Management, Endpoint Protection, Patch and Configuration Management appliances, all suffer from “significant” blind spots.
- The increasing complexity of network and information security burdens security teams that are already overtaxed. Most organisations report that they do not have enough skilled security employees; as a result, 50-70% of the respondents would embrace automated controls.
The complete survey demonstrates that no network component is truly secure.
Continuous Monitoring & Mitigation
A foundational element of network security is knowing what is on the network, and how each infrastructure device and endpoint is related. The Frost & Sullivan Network Visibility survey shows that organisations lack true visibility into the devices connecting to their networks and the state they are in. BYOD, IoT and other transient devices have changed the game in terms of network exposure. Today’s security best practices should include:
- Agentless endpoint identification, to be able to see the (broken) managed endpoints, BYOD and IoT devices connected to your network.
- Automated, policy-based controls to respond immediately to security incidents, free up time for your overloaded security staff, enforce compliance and reduce operational costs.
- Platform integration – share information to enhance your existing security systems and optimise the investments already made.
Companies need to see what’s connected to their network, including all managed and unmanaged devices. They need automated tools to help overstretched security teams and also need orchestration to share information between their numerous different security appliances. Next-generation network access control (NAC) technologies can assist with all of these aspects.
1) Continuous Monitoring and Threat Mitigation with Next-generation NAC – A Frost & Sullivan White Paper, March 2016.
2) Ponemon Institute Research Report – 2015 Cost of Cyber Crime Study: Global, October 2015.
3) IDG – State of the IT Cyber Defence Maturity – July 2014.