Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Poor Internal Processes Viewed as the Greatest Threat to Network Security

AlgoSec, a company that provides firewall management solutions, recently released the results of a poll that examined the attitudes and opinions of 180 working IT and security professionals during the RSA Conference earlier this year. The results of the poll show that poor internal processes, practices, and threats pose the largest risk to a network. These problems, the respondents believe, are more of a concern than threats from malicious external sources.

AlgoSec, a company that provides firewall management solutions, recently released the results of a poll that examined the attitudes and opinions of 180 working IT and security professionals during the RSA Conference earlier this year. The results of the poll show that poor internal processes, practices, and threats pose the largest risk to a network. These problems, the respondents believe, are more of a concern than threats from malicious external sources.

Firewalls“While industry focus naturally gravitates toward the latest buzzwords, such as ‘advanced persistent threats,’ we were pleasantly surprised to find that practitioners primarily voice concerns with how to better manage security,” said Nimmy Reichenberg, Vice President of Marketing and Business Development, AlgoSec.

For those who took part in the study, the bottom line is that security is an inside job. When it comes to the pain those in the trenches are experiencing, the majority of it comes from processes. More than 50% of those who took part named an out-of-process change as the cause for a given outage.

This is compounded by the fact that most processes are manual ones, which are often too time consuming – as noted by 30% of the respondents – leading to a situation where manpower is stretched too thin to deal with other issues in a timely manner.

Threats from the inside got a mention as well, as nearly 28% of those who responded to AlgoSec’s questions said that it was a major concern for them. Less than 20% named a malicious attack from the outside as the largest threat their organization faces.

Interestingly enough, Next-Generation Firewalls (NGFWs) – a widely popular buzzword and technology group – increase the overall security on a network, but are sometimes a nightmare to deal with.

Of the respondents that implemented NGFWs, an overwhelming majority (84%) told AlgoSec that the increased control and visibility these devices offer improves security, but simultaneously 76% complain that the size and complexity of policy management is creating more work – on average of about one hour per day.

“We have seen next-generation firewalls capture the imagination of the security industry, as granular policies and controls can greatly increase visibility into applications and users, but these controls are not without a cost, as additional work is required to manage them,” said Reichenberg.

“Poor visibility into what is occurring in the network, insider threats and poor processes that result in out-of-process changes are responsible for much of the day-to-day risk. Regardless of latest attack vector or breach that makes headlines, it all goes back to strong security processes, visibility and control.”

The full report, “The State of Network Security 2012: Attitudes and Opinions” is available here.

Written By

Click to comment

Expert Insights

Related Content

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Vulnerabilities identified in TP-Link and NetComm router models could be exploited to achieve remote code execution (RCE).