sb-as logo
Story image

Ixia survey finds network complexity is weakening enterprise security

27 Mar 2017

The first Ixia Security Report has found that it’s not just malware that’s causing havoc in organisations, but also the sheer complexity of organisations’ own networks.

The report, produced in conjunction with the ATI Research Center, found that organisations may be causing some of the trouble themselves.

According to a survey by Enterprise Management Associates, the average enterprise is using six different cloud services and network segmentation is on the rise. 

54% of organisations are monitoring less than half of those segments and 19% of companies believe their IT teams are trained on the range of network appliances they’re using.

“Organisations need to constantly monitor, test, and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” explains Steve McGregory, senior director of Application Threat Intelligence at Ixia. 

“To do this effectively, organisations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security,” he continues.

Additional highlights from the Ixia Security Report and ATI Research findings include:

Passwords that remain the defaults or far too predictable:

These include “root” and “admin” and also “ubnt”, the default username for AWS and other cloud platforms using Ubuntu. IoT devices featured “pi’ for the Raspberry PI. Others included “123456”, “support” and “password”. 

URI Paths and CMS exploits:

Brute force WordPress login URI paths included /xmlrpc.php and /wp-login.php. The research also found many attempts to scan the phpinfo() function and that most URIs attempted for attack were PHP based.

Malware still reigns supreme:

Malware and ransomware dominated in 2016. Top phishing targets included Facebook, Adobe, Yahoo and AOL.  Adobe was the common target for drive-by updates that delivered malware.

“Understanding your network breadth across physical, virtual, and cloud assets is critical to protecting it. We see that network segmentation adoption is on the rise, but that up to half of those segments are not being monitored,” comments Jeff Harris, Vice President of Security Solutions at Ixia.

"We anticipate that network visibility into every segment, IoT monitoring and AI will be some of the key security topics in 2017,” he concludes.

Story image
Women in cybersecurity – what is holding us back?
A robust and diverse workforce with wide-ranging skills and depth of experience is essential for providing balance, safety and continuity to both the industry and countries at large. More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Video: 10 Minute IT Jams - SonicWall VP discusses the importance of endpoint security
In this video, Dmitriy discusses the exposure points and new risks that come as a result of widespread flexible working arrangements, how organisations should secure their massively distributed networks, and how SonicWall's Boundless Cybersecurity model can solve these issues.More
Story image
How to address cyber-threats as a strategic risk
Becoming a cyber-secure organisation in the face of an evolving threat landscape requires a strategic, business-focused approach to security as opposed to a tactical approach in which security is addressed simply by implementing new tools.More
Story image
Secureworks: Remote working exposes new security vulnerabilities
New vulnerabilities have been exposed as IT teams across the world respond to the ongoing COVID-19 pandemic.More
Story image
Majority of industrial enterprises face increase cyber threats since COVID-19
Leadership's top cyber security priority was implementing new technology solutions since the onset of the pandemic.More