Layered Security Approach Still Fails to Block Exploits: Report

Layered security may be security best practice, but many of the current technologies don’t appear to be detecting and blocking exploits, according to recent NSS Labs research.

In a test which layered typical defense technologies in various combinations, only 3 percent of unique combinations managed to detect all the exploits used, NSS Labs said in its new “Correlation of Detection Failures” report released Wednesday. The report tested the security effectiveness of next-generation firewalls, intrusion prevention systems, and endpoint protection.

The group tests included 37 security products from 24 different vendors and 1,711 exploits. There were 16 IPS, 8 next-generation firewall, and 13 endpoint protection products in the test. Networking products included the Barracuda F900 networking security appliance, Check Point 12600, and the Palo Alto PA5020.

None of the 37 tested products managed to detect all the exploits on their own. Of the 606 combinations possible with two of the security products in the test, only 3 percent of the possibilities detected all the exploits, NSS Labs said.

The results “present a serious challenge to the security industry as they allow an attacker to bypass several layers of defense using only a small set of exploits,” wrote Stefan Frei, research director at NSS Labs and principal author of the report.

The number of exploits that managed to bypass multiple security products and the number of security products that were unable to block the exploits are “significantly higher than the common expectation,” Frei wrote. Security professionals run the risk of overestimating the security benefits of deploying multiple protection technologies.

It doesn’t appear to make a difference whether there are multiple products within a security category, such as intrusion prevention systems, or multiple products across multiple categories, such as having antivirus running on an endpoint behind both an IPS and a next-generation firewall. Either deployment method “does not always provide the ‘defense in depth’ that we are led to believe exists,” Frei said.

Since many of the vendors use the same sources of threat intelligence and the same vulnerability research feeds, it’s likely they have the same deficiencies in their exploit detection and blocking capabilities. Layered defenses are critical to securing the enterprise, but organizations need to think about which products actually result in security gains.
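To make the point about correlated failures concrete, the sketch below is an added example, not code or data from NSS Labs or the report. It takes per-product lists of missed exploits, finds the exploits that get past both layers of every two-product stack, and compares that with what independent failures would predict. The product names, exploit IDs and test-set size are constructed assumptions.

```python
from itertools import combinations

# Constructed sample data (not from the NSS Labs report): for each hypothetical
# product, the IDs of the test exploits it failed to block.
MISSES = {
    "ips_a": {"e03", "e07", "e11"},
    "ips_b": {"e03", "e07", "e15"},   # overlaps heavily with ips_a (shared feeds)
    "ngfw_a": {"e07", "e11", "e19"},
    "epp_a": {"e02", "e19"},
    "epp_b": {"e05"},
}
TOTAL_EXPLOITS = 20  # constructed size of the exploit test set


def pair_report(misses, total):
    """For every two-product stack, list the exploits that bypass both layers."""
    report = {}
    for a, b in combinations(sorted(misses), 2):
        shared = misses[a] & misses[b]
        report[(a, b)] = {
            "bypass_both": sorted(shared),
            # Shared misses expected if the two products failed independently.
            "expected_if_independent": len(misses[a]) * len(misses[b]) / total,
        }
    return report


def full_coverage_share(report):
    """Fraction of pairs in which no exploit gets past both products."""
    clean = [pair for pair, row in report.items() if not row["bypass_both"]]
    return len(clean) / len(report)


def best_partner(product, misses):
    """Second layer that leaves the fewest exploits unblocked behind `product`."""
    others = (p for p in misses if p != product)
    return min(others, key=lambda p: (len(misses[product] & misses[p]), p))


if __name__ == "__main__":
    report = pair_report(MISSES, TOTAL_EXPLOITS)
    for pair, row in report.items():
        print(pair, row)
    print("pairs with full coverage:", full_coverage_share(report))
    print("best partner for ips_a:", best_partner("ips_a", MISSES))
```

In this constructed data the two IPS products share two misses where independence would predict fewer than one, which is the overestimation of layering benefit the report warns about.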

NSS Labs did not specify the two products that successfully blocked the exploits.

“This analysis shows that, while it is helpful to adopt a layered approach to security, the real key to effective protection against threats lies in an organization’s choice of protection technologies to be combined,” Frei wrote.
