sb-as logo
Story image

Networks shrouded in lack of visibility - SANS Institute report

23 Apr 2020

A new report from the SANS Institute and ExtraHop has found that network visibility – specifically the lack of it – poses a high or very high risk to organisations worldwide – and many are worried about the risks that remote working is bringing to their business.

The 2020 SANS Network Visibility and Threat Detection Survey polled 213 respondents representing organisations with at least 1000 employees.

Of those respondents, more than 64% indicated that they had experienced at least one successful compromise over the last 12 months.

Close to half (44%) of respondents noted that employee desktops, now popular in remote working environments, may be the most likely attack vector. 

“Traditionally this judgment is a smart choice—humans are fallible—and we know attackers frequently target employee workstations as the initial point of entry. Cloud-based systems (40%), on-premises physical servers (35%) and virtual servers (35%) are perceived as the next riskiest groups,” the report notes.

More than half (59%) of respondents believe that a lack of network visibility poses high or very high risks to their organisation. Furthermore, 98% are concerned about their ability to see encrypted traffic – as only 12.4% stated 75-100% of their internal network traffic is encrypted.

More than half of respondents (52%) claim high visibility into traffic entering and leaving their network (north–south traffic), only 17% claim the same level of visibility into traffic moving within their networks (east–west traffic).

“For these organisations, the challenge is being able to see inside traffic to know whether there is a malicious payload in that encrypted data,” the report notes.

Other issues include physical devices – virtualised and physical servers, employer-owned devices, cloud servers, employee mobile devices, and network devices such as routers and firewalls.

Cloud servers and systems were ranked as a security concern for 40% of respondents.

ExtraHop SVP of marketing Bryce Hein says that network visibility has never been more critical.

"Organisations need to be able to see into east-west traffic to identify threats in the growing number of cloud workloads, as well as get visibility into which devices are accessing enterprise resources. The fewer tools, less time, and less friction required to get that visibility, the better.”

"Choose tools that use machine learning to provide improved analytics for access to the right data in less time," says report author Ian Reynolds. "This might assist in meeting staffing concerns and provide faster resolution of unexpected behaviours, threats and incidents."
 

Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
ConnectWise launches bug bounty program to bolster cybersecurity strategy
“Crowdsourcing in this way represents a solid additional layer of security, and we clearly value the community's expertise and participation in helping us keep our products secure."More
Story image
Five security challenges for the Enterprise of Things
Many enterprise networks aren't adequately managed, creating risk for businesses that don’t have full visibility into all of the devices on their network, writes Forescout regional director for A/NZ Rohan Langdon.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Global attack volume down, but fraud and cyber threats still going strong
“The move to digital, for both businesses and consumers, has been significant. Yet with this change comes opportunity for exploitation. Fraudsters look for easy targets: whether government support packages, new lines of credit or media companies with fewer barriers to entry."More
Link image
Veeam launches ransomware prevention kit
Through a simple-by-design management console, users can easily achieve fast, flexible and reliable backup, recovery and replication for all your applications and data.More