Story image

Ixia survey finds network complexity is weakening enterprise security

27 Mar 17

The first Ixia Security Report has found that it’s not just malware that’s causing havoc in organisations, but also the sheer complexity of organisations’ own networks.

The report, produced in conjunction with the ATI Research Center, found that organisations may be causing some of the trouble themselves.

According to a survey by Enterprise Management Associates, the average enterprise is using six different cloud services and network segmentation is on the rise. 

54% of organisations are monitoring less than half of those segments and 19% of companies believe their IT teams are trained on the range of network appliances they’re using.

“Organisations need to constantly monitor, test, and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” explains Steve McGregory, senior director of Application Threat Intelligence at Ixia. 

“To do this effectively, organisations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security,” he continues.

Additional highlights from the Ixia Security Report and ATI Research findings include:

Passwords that remain the defaults or far too predictable:

These include “root” and “admin” and also “ubnt”, the default username for AWS and other cloud platforms using Ubuntu. IoT devices featured “pi’ for the Raspberry PI. Others included “123456”, “support” and “password”. 

URI Paths and CMS exploits:

Brute force WordPress login URI paths included /xmlrpc.php and /wp-login.php. The research also found many attempts to scan the phpinfo() function and that most URIs attempted for attack were PHP based.

Malware still reigns supreme:

Malware and ransomware dominated in 2016. Top phishing targets included Facebook, Adobe, Yahoo and AOL.  Adobe was the common target for drive-by updates that delivered malware.

“Understanding your network breadth across physical, virtual, and cloud assets is critical to protecting it. We see that network segmentation adoption is on the rise, but that up to half of those segments are not being monitored,” comments Jeff Harris, Vice President of Security Solutions at Ixia.

"We anticipate that network visibility into every segment, IoT monitoring and AI will be some of the key security topics in 2017,” he concludes.

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.
Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.