It’s here!
Today RedSeal published what we hope will be the first of many research reports that help bring light to current issues amongpractitioners in the enterprise IT security space.
Undertaken in partnership with Dimensional Research, our new report is titled: “Hackers Versus Enterprise Security: A Survey of IT Security Professionals.”
Based on just under 2,000 interviews with network and security pros, the major finding is that these workers feel that today’s attackers retain the upper hand in terms of automation. Over 50 percent of those surveyed were responsible for networks containing over 100 or more such devices, suggesting that the sheer size and scale of today’s security infrastructure is preventing organizations from adequately maintaining defense.
The data was culled on the show floor over the course of this summer at the Black Hat and Cisco Live conferences, and the findings are pretty thought provoking if you’re involved in managing IT security, or even just an average Joe getting your hacking geek on.
Among the specific findings:
- More than 75 percent of network management and security professionals believe that automated tools give hackers the upper hand in evading the defensive systems utilized by most enterprises to protect their critical assets and data.
- Over 71 percent of respondents admitted that their networks are exposed to external threats due to misconfiguration issues present in their security device infrastructure.
- More than 50 percent had no idea how many of their organizations’ internal hosts were actually exposed to the Internet.
- Roughly 52 percent conceded that their vulnerability management initiatives don’t allow them to prioritize remediation based on the likelihood of real-world attacks.
- While many security regulations and industry leaders have recommended for years that enterprises adopt a more metrics-driven approach toward measuring the effectiveness of security infrastructure, only 47 percent of respondents said that their employers do so today.
Clearly the results point to the true underlying value of RedSeal solutions in isolating gaps in network security infrastructure, providing visibility into vulnerability exposures and generating actionable metrics regarding the overall performance of security systems and strategies — but hopefully it’s clear that this research was straightforward and objective, informed completely by practitioners’ responses.
“Consistent application of network security controls across even medium sized networks has transcended human ability,” said Dr. Mike Lloyd, Chief Technology Officer at RedSeal. “For many years there’s been the notion of an arms race between IT security professionals and attackers; what this survey proves is that the good guys understand they’re facing a truly daunting task to
keep up.”
As CSO reporter Bill Brenner noted in his write-up, it’s hard to maintain security standing when the bad guys “have better toys.”
We think that RedSeal is one of the toys that every CSO should have in their collection, because as they say, you have to fight fire with fire. Or firepower?
Click here to read the entire report.
Pingback: Leveraging Security Metrics To Protect Your Network | RedSeal Networks Blog