Majority of enterprises suffer from security blind spots
A majority of Global 2000 companies have areas within their networks that are not properly analyzed according to a new report.
The survey from network security company ForeScout Technologies, conducted by research firm Frost & Sullivan, says these 'blind spots' can lead to costly breaches due to unknown applications, traffic, devices and users operating insecurely on a corporate network.
In the past 12 months 72 percent of respondents say that they experienced five or more network-based security incidents. Interestingly managed devices experienced the most security incidents, despite increased investment in managed security technologies.
Managed end user computers yielded the most network-based security incidents, with nearly one-third of companies in the US, 19 percent of companies in the UK and 50 percent of German companies reporting five or more. Managed servers also served as gateways for attack in 27 percent of companies in the US, 19 percent in the UK and 36 percent in Germany. The survey suggests that this is leading to low customer confidence in security agents being deployed.
"We've confirmed what most people already expect -- that no company is truly secure without its security technologies working together. A siloed security approach can create network blind spots that have costly, long-term impacts on business continuity and brand reputation," says Chris Kissel, Industry Analyst, Network Security Research, at Frost and Sullivan. "Without full network visibility, these attack surfaces will only increase, given the fast-growing number of BYOD and IoT devices being connected to corporate networks".
Other findings include that too much reliance on security agents brings a false sense of safety. Low confidence in patch management agents is reported by 37 percent of respondents, followed closely by mobile device management (MDM) agents (35 percent), encryption agents (28 percent) and antivirus agents (27 percent).
However, IT professionals would unanimously welcome a set of pre-determined security controls within each network security technology to help with automation and save critical resources. The main areas that respondents wanted automated security controls for were firewalls (67 percent), intrusion prevention (65 percent) and antivirus (63 percent).
The full report is available to download from the ForeScout website.