Attitudes and Opinions

decisioncrunchΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 10 μήνες)

91 εμφανίσεις

The State of Network Security
2012
:
Attitudes and Opinions


The network environment continues to grow in
complexity as firewall policies expand over time and
as new technologies such as next
-
generation firewalls
are adopted.



This survey analyzes network security risks and
operational challenges of managing network security
policies. Additionally, it gauges the effect of next
-
generation firewalls on IT’s workload.

Introduction

2


This survey was conducted at RSA 2012.


182 respondents are deeply involved in their organization’s
IT function and have at least a moderate involvement in
network operations.


68 percent are Information Security professionals.


32 percent are Network Operations professionals.


No AlgoSec employees, customers or partners are counted in the
results.


Methodology

3

Network security processes need improvement.


From reducing system outages to improving business
efficiency.


Next
-
generation firewalls address threats
-

at a cost.


Improved security, but increased administrative workload.


Security is an inside job.


Visibility of applications and networks, improving processes
and defending against insider threats all rank as key
concerns.

Key Findings

4


The majority (
55.6
%) of top challenges lie with
problematic internal processes.

5

Time
-
consuming manual
processes, 30.0%

Lack of visibility into network
security policies,
21.7
%

Poor change management
processes,
15.6
%

Preventing insider threats,
13.3
%

Error
-
prone processes cause risk,
10.0%

Tension between IT admin and
InfoSec teams,
9.4
%

"
What is the greatest challenge when it comes to managing network security devices in your
organization?”

Network Security Challenges


77% of respondents noted that out
-
of
-
process
changes caused either a system outage, a data breach
an audit failure or more than one of these.

6

Out
-
of
-
Process Changes Cause Major Problems

20.2
%

54.5
%

25.8
%

23.0
%

0.0%
10.0%
20.0%
30.0%
40.0%
50.0%
60.0%
Data breach
System outage
Failing an audit
None of the above
"
In your organization, an out
-
of
-
process change has resulted in..."


84
% of respondents
said NGFWs provided
them with better
security



BUT…


7

Next
-
Generation Firewalls: Better Security…

Yes: We have
improved control,
46.7
%

Yes: We have
increased
visibility,
37.3
%

No: Increased
policy
management
introduces error
and risk,
12.0
%

No: Increased
incidence of out
-
of
-
process
changes, 4.0%

"
Do you feel more or less secure now
that you have deployed NGFWs?"


76
% of respondents
said that NGFWs
increased their
administrative burden
due to added policy
complexity

8

Next
-
Generation Firewalls: …
at a Cost

Yes: NGFW
policies managed
separately

40.8
%

Yes: additional
policies must be
managed

22.5%

Yes: more info to
gather for audits

12.7
%

No: management
is centralized

23.9
%

"
Have next gen firewalls added more
work to your firewall management
processes?"


External attackers are
well down the list of
concerns…



The greatest risks
noted are poor
internal security
management
processes and insider
threats

9

Greatest Risk? More Management than Malice

Lack of visibility
into applications
and/or networks,
28.7
%

Insider threats,
27.5
%

Political
"hacktivists",
5.6%

Financially
-
motivated
hackers,
14.0
%

Poor change
management,
12.9
%

Out
-
of
-
process
changes causing
system outages,
11.2
%

"
What is the greatest risk your
enterprise faces today?"

Outsider threats,

19.6
%

10

Key Recommendations


Clearly define internal processes, ensure they are
communicated to all stakeholders and above all else,
make sure they are enforceable.



Leverage automation to facilitate process improvement
and to improve business efficiency and agility.



Look to implement NGFWs, but understand the impact
of policy decisions and plan accordingly to gain the
security benefits without the cost of higher
administrative burden.



Here are additional resources to help you further
research automating network security policy
optimization and change management:

11

Educational Resources


Webinar:
5
Strategies to Improve Firewall Management


eBook: The Big Collection of Firewall Management Tips


Video Testimonial: BT



Free
30
Day Trial of AlgoSec Security Management Suite

Security Management. Made Smarter.

www.AlgoSec.com


Connect with AlgoSec on: