itb-nz logo
Story image

Networks shrouded in lack of visibility - SANS Institute report

23 Apr 2020

A new report from the SANS Institute and ExtraHop has found that network visibility – specifically the lack of it – poses a high or very high risk to organisations worldwide – and many are worried about the risks that remote working is bringing to their business.

The 2020 SANS Network Visibility and Threat Detection Survey polled 213 respondents representing organisations with at least 1000 employees.

Of those respondents, more than 64% indicated that they had experienced at least one successful compromise over the last 12 months.

Close to half (44%) of respondents noted that employee desktops, now popular in remote working environments, may be the most likely attack vector. 

“Traditionally this judgment is a smart choice—humans are fallible—and we know attackers frequently target employee workstations as the initial point of entry. Cloud-based systems (40%), on-premises physical servers (35%) and virtual servers (35%) are perceived as the next riskiest groups,” the report notes.

More than half (59%) of respondents believe that a lack of network visibility poses high or very high risks to their organisation. Furthermore, 98% are concerned about their ability to see encrypted traffic – as only 12.4% stated 75-100% of their internal network traffic is encrypted.

More than half of respondents (52%) claim high visibility into traffic entering and leaving their network (north–south traffic), only 17% claim the same level of visibility into traffic moving within their networks (east–west traffic).

“For these organisations, the challenge is being able to see inside traffic to know whether there is a malicious payload in that encrypted data,” the report notes.

Other issues include physical devices – virtualised and physical servers, employer-owned devices, cloud servers, employee mobile devices, and network devices such as routers and firewalls.

Cloud servers and systems were ranked as a security concern for 40% of respondents.

ExtraHop SVP of marketing Bryce Hein says that network visibility has never been more critical.

"Organisations need to be able to see into east-west traffic to identify threats in the growing number of cloud workloads, as well as get visibility into which devices are accessing enterprise resources. The fewer tools, less time, and less friction required to get that visibility, the better.”

"Choose tools that use machine learning to provide improved analytics for access to the right data in less time," says report author Ian Reynolds. "This might assist in meeting staffing concerns and provide faster resolution of unexpected behaviours, threats and incidents."
 

Story image
How 'data gravity' centres can spell trouble for enterprises
In the not-too-distant past, data was created in a much more centralised place, and users and systems had far less access to it. Now, with digital data from social, analytics, mobile, cloud, IoT and more being created with both simultaneity and omnipresence, so much information is being collected that it’s forming a ‘centre of gravity’.More
Story image
Dropbox goes 'Virtual First' as remote working becomes the new norm
Dropbox is investing in what it calls a ‘Virtual First’ working policy, which puts remote work front and centre of the company’s workforce culture.More
Story image
BayCom partners with NICE inContact to offer cloud contact centre platform in NZ
“With our extensive experience in the industry, BayCom has the ability to design, implement and support CXone nationwide, providing organisations with an industry-leading Contact Centre as a Service (CCaaS) solution to deliver on their customer experience strategies.”  More
Story image
On October 28, go from CX starter to champion with Zendesk
There could not be a better way to get at the heart of this topic than hearing from the experts whose mission it is to make sure customer service is the best of the best.More
Story image
SOC as a Service: Fortinet’s answer to today’s network challenges
Jon McGettigan, Fortinet A/NZ Regional Director, explains how SOC as a Service can back up your current SOC team, fast-track deployments and ensure regulatory compliance.More
Story image
TNS launches new retailer-focused secure SD-WAN offering
Transaction Network Services (TNS) has launched its new TNS Secure SD-WAN offering in partnership with Fortinet, the enterprise security provider. More