Story image

Ixia survey finds network complexity is weakening enterprise security

27 Mar 2017

The first Ixia Security Report has found that it’s not just malware that’s causing havoc in organisations, but also the sheer complexity of organisations’ own networks.

The report, produced in conjunction with the ATI Research Center, found that organisations may be causing some of the trouble themselves.

According to a survey by Enterprise Management Associates, the average enterprise is using six different cloud services and network segmentation is on the rise. 

54% of organisations are monitoring less than half of those segments and 19% of companies believe their IT teams are trained on the range of network appliances they’re using.

“Organisations need to constantly monitor, test, and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” explains Steve McGregory, senior director of Application Threat Intelligence at Ixia. 

“To do this effectively, organisations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security,” he continues.

Additional highlights from the Ixia Security Report and ATI Research findings include:

Passwords that remain the defaults or far too predictable:

These include “root” and “admin” and also “ubnt”, the default username for AWS and other cloud platforms using Ubuntu. IoT devices featured “pi’ for the Raspberry PI. Others included “123456”, “support” and “password”. 

URI Paths and CMS exploits:

Brute force WordPress login URI paths included /xmlrpc.php and /wp-login.php. The research also found many attempts to scan the phpinfo() function and that most URIs attempted for attack were PHP based.

Malware still reigns supreme:

Malware and ransomware dominated in 2016. Top phishing targets included Facebook, Adobe, Yahoo and AOL.  Adobe was the common target for drive-by updates that delivered malware.

“Understanding your network breadth across physical, virtual, and cloud assets is critical to protecting it. We see that network segmentation adoption is on the rise, but that up to half of those segments are not being monitored,” comments Jeff Harris, Vice President of Security Solutions at Ixia.

"We anticipate that network visibility into every segment, IoT monitoring and AI will be some of the key security topics in 2017,” he concludes.

Story image
10 Dec
Malwarebytes stalwart promoted to chief product officer
"Akshay has been an incredible partner with product development, enabling our long-term product vision. His leadership has been instrumental to our continued growth and success."More
Story image
04 Dec
Gartner names SAI Global as IT Vendor Risk Management leader
SAI Global feels the Gartner report confirms a competitive market with demand growing for cloud-first software solutions. More
Story image
13 Dec
Blink XT2 surveillance cams patched after 'severe' vulnerabilities found
If exploited, the vulnerabilities could give attackers full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet to perform, for example, distributed denial of service (DDoS) attacks, steal data or send spam.More
Story image
26 Nov
Black Friday alert: Financial botnets targeting e-commerce apparel sites
Black Friday is arguably the most anticipated retail sales period in the world, when brands offer consumers the largest discounts and promotional offers.More
Story image
29 Nov
Black Friday fraud: Who foots the bill?
“Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual."More
Story image
13 Nov
Microsoft showcases innovations in new Asia Pacific HQ
Almost 145,000 metres of cabling, 200 display screens, 179 Bluetooth beacons and 900 sensors make up Microsoft’s new Asia Pacific headquarters in Singapore, which is now home to the region’s first Microsoft Experience Centre.More