Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Poor Internal Processes Viewed as the Greatest Threat to Network Security

AlgoSec, a company that provides firewall management solutions, recently released the results of a poll that examined the attitudes and opinions of 180 working IT and security professionals during the RSA Conference earlier this year. The results of the poll show that poor internal processes, practices, and threats pose the largest risk to a network. These problems, the respondents believe, are more of a concern than threats from malicious external sources.

AlgoSec, a company that provides firewall management solutions, recently released the results of a poll that examined the attitudes and opinions of 180 working IT and security professionals during the RSA Conference earlier this year. The results of the poll show that poor internal processes, practices, and threats pose the largest risk to a network. These problems, the respondents believe, are more of a concern than threats from malicious external sources.

Firewalls“While industry focus naturally gravitates toward the latest buzzwords, such as ‘advanced persistent threats,’ we were pleasantly surprised to find that practitioners primarily voice concerns with how to better manage security,” said Nimmy Reichenberg, Vice President of Marketing and Business Development, AlgoSec.

For those who took part in the study, the bottom line is that security is an inside job. When it comes to the pain those in the trenches are experiencing, the majority of it comes from processes. More than 50% of those who took part named an out-of-process change as the cause for a given outage.

This is compounded by the fact that most processes are manual ones, which are often too time consuming – as noted by 30% of the respondents – leading to a situation where manpower is stretched too thin to deal with other issues in a timely manner.

Threats from the inside got a mention as well, as nearly 28% of those who responded to AlgoSec’s questions said that it was a major concern for them. Less than 20% named a malicious attack from the outside as the largest threat their organization faces.

Interestingly enough, Next-Generation Firewalls (NGFWs) – a widely popular buzzword and technology group – increase the overall security on a network, but are sometimes a nightmare to deal with.

Of the respondents that implemented NGFWs, an overwhelming majority (84%) told AlgoSec that the increased control and visibility these devices offer improves security, but simultaneously 76% complain that the size and complexity of policy management is creating more work – on average of about one hour per day.

“We have seen next-generation firewalls capture the imagination of the security industry, as granular policies and controls can greatly increase visibility into applications and users, but these controls are not without a cost, as additional work is required to manage them,” said Reichenberg.

“Poor visibility into what is occurring in the network, insider threats and poor processes that result in out-of-process changes are responsible for much of the day-to-day risk. Regardless of latest attack vector or breach that makes headlines, it all goes back to strong security processes, visibility and control.”

Advertisement. Scroll to continue reading.

The full report, “The State of Network Security 2012: Attitudes and Opinions” is available here.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.