2010-08-31
By Editor, CIR
A report into the hacking of corporate security networks shows that a vast majority come across a misconfigured network – which, according to that 76% of the sample, was the easiest IT resource to exploit.
Reuven Harrison, chief technology officer of the security lifecycle management firm, Tufin Technologies, which carried out the survey, said 58% of respondents also viewed network misconfiguration as being caused by IT staff not knowing what to look for when assessing the status of their network configurations. He believes the finding are most notable because more than half the survey respondents actually work in corporate IT.
“The really big question coming out of the survey,” says Harrison, “is how to manage the risk that organisations run dealing with the complexity that is part and parcel of any medium to large sized company’s security operations. “
Tufin's research suggests that 18% of professionals believe misconfigured networks are the result of insufficient time or money for audits. Some 14% felt that compliance audits that don’t always capture security best practices are a factor and 11% felt that threat vectors that change faster than they can be addressed play a key role.
Automating configuration and security management is the best way forward to solving this problem, Harrison advises. With an increasing number of self-described black (11%) and grey (46%) hat hackers landing corporate security positions, the focus has overwhelmingly been on how easily we can break things - less than 30% of the sample is motivated by the desire to actually fix broken systems.
"And when you factor in the issue that 60% of the respondents said they had a day job in the corporate world, it's clear that IT managers need to address the security shortcomings of their networks by remediating the network misconfiguration issue. Only by configuring their network resources correctly can companies hope to beat these security issues," he added.
 DRAFT1.jpg)
