Finding the Blind Spots in Security
By Samuel Greengard | Posted 06-23-2016
A big problem with today's information security environment is that threats and vulnerabilities come from every direction. Even with an overarching strategy and an array of solutions in place, breaches and breakdowns happen.
A new report from Frost & Sullivan and ForeScout, Continuous Monitoring and Threat Mitigation, sheds some light on today's morass. It notes that "conventional security practices are becoming less and less effective." The practices it lists include antivirus (AV), encryption, data leakage prevention (DLP), patch management, and vulnerability assessment (VA). As it notes, "traditional security tools typically operate as independent silos not designed to interoperate with each other."
Frost & Sullivan assessed network security practices from more than 400 respondents at Global 2000 firms in the U.S., U.K. and Germany. Among the key findings:
* 72 percent of organizations have experienced five or more network security incidents in the past 12 months.
* Independent firewall, vulnerability assessment and advanced threat defense (ATD) products suffer the most from blind spots because they are too often relegated to silos.
* Organizations have little confidence about the use of security agents. Only 37 percent are confident in their patch management approach, 28 percent are comfortable with encryption agents, and 27 percent have faith in their organization's antivirus agents.
* IT professionals want security automation. 60 percent said they desire greater automation for antivirus, patch management, advanced threat detection, network intrusion prevention, SIEM, firewall and vulnerability assessment.
Making matters worse, Frost & Sullivan reports that 50 percent of survey respondents noted that securing social media, BYOD and other emerging technologies consumes a "significant amount of time."
The report points to the need for next-generation methods. These include:
* Agentless endpoint identification that can profile and monitor in real time all network-attached endpoints, including employee devices, guest devices, and IP-enabled devices, such as printers and CCTV systems, that cannot support a software agent.
* More advanced Network Access Controls (NAC) that discover and remove unauthorized devices, rogue wireless access points and unmanaged legacy systems.
* Access control policies that allow an IT team to manage corporate-owned mobile devices and reassign employee-owned mobile devices to guest VLANs.
* Greater network awareness, better security agent validation, continuous monitoring for security and compliance, better alarms and alerts, and improved platform integrations.
Make no mistake: business and IT leaders cannot afford to be complacent and fall behind the security curve. It's critical to crumple security silos and take aim at unmanaged devices, transient devices, dynamic risks and the dizzying array of threats that now exist.