Story image

Ixia survey finds network complexity is weakening enterprise security

27 Mar 2017

The first Ixia Security Report has found that it’s not just malware that’s causing havoc in organisations, but also the sheer complexity of organisations’ own networks.

The report, produced in conjunction with the ATI Research Center, found that organisations may be causing some of the trouble themselves.

According to a survey by Enterprise Management Associates, the average enterprise is using six different cloud services and network segmentation is on the rise. 

54% of organisations are monitoring less than half of those segments and 19% of companies believe their IT teams are trained on the range of network appliances they’re using.

“Organisations need to constantly monitor, test, and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” explains Steve McGregory, senior director of Application Threat Intelligence at Ixia. 

“To do this effectively, organisations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security,” he continues.

Additional highlights from the Ixia Security Report and ATI Research findings include:

Passwords that remain the defaults or far too predictable:

These include “root” and “admin” and also “ubnt”, the default username for AWS and other cloud platforms using Ubuntu. IoT devices featured “pi’ for the Raspberry PI. Others included “123456”, “support” and “password”. 

URI Paths and CMS exploits:

Brute force WordPress login URI paths included /xmlrpc.php and /wp-login.php. The research also found many attempts to scan the phpinfo() function and that most URIs attempted for attack were PHP based.

Malware still reigns supreme:

Malware and ransomware dominated in 2016. Top phishing targets included Facebook, Adobe, Yahoo and AOL.  Adobe was the common target for drive-by updates that delivered malware.

“Understanding your network breadth across physical, virtual, and cloud assets is critical to protecting it. We see that network segmentation adoption is on the rise, but that up to half of those segments are not being monitored,” comments Jeff Harris, Vice President of Security Solutions at Ixia.

"We anticipate that network visibility into every segment, IoT monitoring and AI will be some of the key security topics in 2017,” he concludes.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.