The enterprise IT security landscape changed dramatically during 2016. Expansion into more clouds, the addition of industrial IoT, and marked increases in virtual deployments resulted in more devices, more locations, and more environments for organizations to monitor and protect. Data rates are increasing, network reach keeps growing, and new appliances keep entering the market to analyze and protect it all, with each needing to be managed, optimized, and secured. This growing network complexity is becoming a security vulnerability in its own right, alongside the dramatic rises in malware and other threats.
To explore and quantify these issues and challenges facing enterprises, and to show how these could be addressed, at Ixia we recently published our 2017 Security Report, drawing on our 20 years of experience in delivering advanced network testing and visibility solutions to help organizations better understand their networks’ performance and vulnerabilities. We identified seven key areas that organizations need to consider in order to better protect their networks and data in this dynamic cybersecurity environment.
1. Expanding network attack surfaces
An attack surface is the sum of the different points through which an attacker can enter an IT environment or extract data from it. The growth in network complexity is increasing the size of attack surfaces in three dimensions: first, the number of locations where data resides; second, network throughput; and third, the volume of IT tools being used. The Internet of Things (IoT) is making the attack surface larger still, because many IoT devices are neither deployed nor managed by IT. Network segmentation is on the rise, which is good practice, but survey data shows that 47% of organizations are leaving nearly half of their network segments unmonitored. Businesses need to introduce automation and real-time monitoring to see what they are missing.
2. Sharing in the cloud
Cloud usage is on the rise, raising its own security issues. Where do cloud providers’ performance and security responsibilities stop, and individual organizations’ begin? Today, the average organization is using six different cloud services. By 2020 over 92% of all workloads will be cloud-based. With the growth in the use of shadow cloud services, which fall outside the control of IT, up to ten times more cloud services are likely to be deployed than IT expects. An effective visibility strategy needs to span all of the hybrid, public, and private cloud environments being used by an organization.
3. The attackers’ arsenal
New, highly sophisticated hacking techniques grab headlines, yet the old, tried and tested methods are still favored by most cybercriminals. Across different services, operating systems and deployments, attackers are looking for the easiest way to gain entry. We have seen attackers checking for passwords that are 14 years old, probing for vulnerabilities that are over 10 years old, and using malware that has not changed in years.
4. Top usernames and passwords
With so many IT systems in a typical network, password management remains a problem area attackers are exploiting. The top five username guesses in 2016 were: root, admin, ubnt, support, and user. The top five password guesses were null, ubnt, admin, 123456, and support.
Many of these are the default combinations for network appliances or cloud offerings, so if the IT team fails to change them, there is a simple route in for malicious hackers. IoT devices were also a notable target of brute force guesses.
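As an added example (not code from the Ixia report), the script below turns the top-five username list into a defender's check: it parses constructed OpenSSH-style auth log lines and flags source addresses that cycle through several of the 2016 top-guessed usernames, the pattern of an automated default-credential sweep. The log lines, hostnames and IP addresses are constructed; the regex assumes the standard sshd "Failed password" message format.

```python
import re
from collections import defaultdict

# Top five username guesses reported for 2016 (from the Ixia report text above).
TOP_USERNAMES = {"root", "admin", "ubnt", "support", "user"}

# Constructed sample auth log lines in OpenSSH format; not from any real system.
SAMPLE_LOG = """\
Jan 12 03:14:07 edge1 sshd[2231]: Failed password for root from 198.51.100.23 port 51044 ssh2
Jan 12 03:14:09 edge1 sshd[2233]: Failed password for invalid user admin from 198.51.100.23 port 51046 ssh2
Jan 12 03:14:11 edge1 sshd[2235]: Failed password for invalid user ubnt from 198.51.100.23 port 51048 ssh2
Jan 12 03:14:13 edge1 sshd[2237]: Failed password for invalid user support from 198.51.100.23 port 51050 ssh2
Jan 12 03:20:40 edge1 sshd[2301]: Failed password for alice from 203.0.113.8 port 40022 ssh2
Jan 12 03:21:02 edge1 sshd[2304]: Accepted publickey for alice from 203.0.113.8 port 40023 ssh2
"""

# "invalid user" appears when the username does not exist on the host.
LINE_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_failures(log_text):
    """Yield (source_ip, username) for each failed password attempt in the log."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("user")


def flag_default_credential_probes(log_text, min_distinct=3):
    """Return {source_ip: sorted usernames} for sources that tried at least
    `min_distinct` different top-guessed usernames. One failed login for
    'root' is noise; cycling through root, admin, ubnt and support is a sweep."""
    tried = defaultdict(set)
    for src, user in parse_failures(log_text):
        if user.lower() in TOP_USERNAMES:
            tried[src].add(user.lower())
    return {src: sorted(users) for src, users in tried.items()
            if len(users) >= min_distinct}


if __name__ == "__main__":
    for src, users in flag_default_credential_probes(SAMPLE_LOG).items():
        print(f"{src}: cycled default usernames {', '.join(users)}")
```

The same logic applies to any authentication log (web admin panels, routers, IoT consoles) once the parser regex is adapted to that log format.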
5. Malware or phishing?
Malware continued to dominate over 2016, but during June, July and August, ransomware phishing appeared to outpace conventional malware phishing. Major websites such as Google, PayPal and Facebook were the top targets, once again showing how cybercriminals target low-hanging fruit. Meanwhile, fake Adobe updates were found to be the most prevalent drive-by lure for delivering malware or phishing attacks.
6. Top exploited URI paths and content management systems
A uniform resource identifier (URI) is a string of characters used to identify the name of a resource. The two most exploited URI paths in 2016 were both WordPress paths, showing how attackers are targeting sites built on the popular platform. WordPress was by far the most exploited content management system, with Joomla a distant second; yet again, hackers understand how to target the most popular services.
7. The CISO Mind Map
The CISO has a lot to manage. A typical organization engages as many as 15 vendors for various aspects of security, IP protection, user training, and risk assessment. That includes protecting everything inside the traditional perimeter, which means dealing with private clouds, firewalls, antivirus software, and encryption. The CISO must also monitor and secure what lies outside the traditional perimeter, including public clouds, SaaS services, smartphones, laptops, and networks of IoT devices. The CISO's mind map is complex: they need to understand all of these resources, as well as what makes one vendor’s appliance better than another.
Security is more than just defending against the ever-increasing barrage of malware. Organizations need to study their evolving attack surface and ensure they have the testing and operational visibility measures in place to make security effective. Better testing of your actual infrastructure against more realistic traffic and attack conditions is a good start. Once you have that, visibility architectures that allow your IT security team to see your entire network and monitor it in real-time are absolutely essential; after all, you cannot secure what you cannot see.