Network and cloud testing company Ixia has released its 2017 security and CIO survey reports which show that this year visibility, especially into off-site cloud operations and encrypted traffic, is very much at the top of the mind for the CIO.
Over 220 senior IT staff were questioned in the CIO survey and 61% said that visibility was their top or near top priority for IT programs in 2017.
- Visibility is key to breach discovery: more than half (54%) of respondents indicated that they most often discover a security breach through their network visibility solution. Forensic investigation was cited as the main method for breach discovery by 30%, and contact by a third-party by 19%.
- Visibility central to network monitoring and protection: a large number (54%) of respondents mentioned operating six or more network segments, but monitoring only half of them. Of the 40% of enterprises surveyed that handle more than 10,000 customer records, less than 10% actively monitor and protect their network.
- Visibility critical to revealing potential threats: when asked how visibility could help improve their security posture, 56% or respondents stated they want visibility into encrypted traffic on their networks, and 59% want to be able to identify applications requiring inspection. 31% wanted visibility into public clouds, and 29% wanted visibility into private cloud environments. More than 50% of the organizations surveyed use more than five security appliances, yet only 36% of respondents protect those security appliances with an external bypass.
- Cloud visibility and security concerns: 76% of respondents were ‘very concerned’ or ‘concerned’ about security in their cloud environment. The top security concern with cloud adoption was ‘loss of control over network data’ (56%) and being able to achieve full visibility across their networks (47%).
- Defeating DDoS attacks: as the threat of DDoS continues to rise, especially following the attacks of unprecedented scale launched using the Mirai botnet, 50% of respondents said network visibility solutions would help protect their organization against DDoS attacks, with a further 30% saying that it would help somewhat.
Naveen Bhat, Managing Director for Ixia in Asia Pacific said, “Most enterprises today are struggling with network blind spots caused by increases in encrypted traffic on their networks and migrations to public and private cloud environments. They also need to get better visibility across their rapidly-expanding network estates to address performance issues and mitigate threat.”
He noted that security and analytics tools are only as good as the data they are seeing and this access to visibility is top of the agenda especially as more and more enterprise workloads move to the cloud.
Separately Ixia recently issued the first of what will be annual security reports with data from its Application and Threat Intelligence Research Center which monitored and the major security events of 2016.
This is in the context that the average enterprise is now using six different cloud services and network segmentation is increasing. 54% of enterprises are monitoring less than half of those segments and less than 19% of companies believe that their IT teams are adequately trained on the wide array of network appliances they are managing.
Some of the highlights from the security report are:
- The most common passwords to gain access to servers are still “admin”, “123567”, “support” and “password”.
- The top exploited URI paths used for brute force WordPress logins were /xmlrpc.php and /wp-login.php
- In June, July and August ransomware outpaced malware. Top phishing attacks were directed at Facebook, Adobe, Yahoo! And (still) AOL.
The full security report can be downloaded here.