Networks shrouded in lack of visibility - SANS Institute report
A new report from the SANS Institute and ExtraHop has found that network visibility – specifically the lack of it – poses a high or very high risk to organisations worldwide – and many are worried about the risks that remote working is bringing to their business.
The 2020 SANS Network Visibility and Threat Detection Survey polled 213 respondents representing organisations with at least 1000 employees.
Of those respondents, more than 64% indicated that they had experienced at least one successful compromise over the last 12 months.
Close to half (44%) of respondents noted that employee desktops, now popular in remote working environments, may be the most likely attack vector.
“Traditionally this judgment is a smart choice—humans are fallible—and we know attackers frequently target employee workstations as the initial point of entry. Cloud-based systems (40%), on-premises physical servers (35%) and virtual servers (35%) are perceived as the next riskiest groups,” the report notes.
More than half (59%) of respondents believe that a lack of network visibility poses high or very high risks to their organisation. Furthermore, 98% are concerned about their ability to see encrypted traffic – as only 12.4% stated 75-100% of their internal network traffic is encrypted.
More than half of respondents (52%) claim high visibility into traffic entering and leaving their network (north–south traffic), only 17% claim the same level of visibility into traffic moving within their networks (east–west traffic).
“For these organisations, the challenge is being able to see inside traffic to know whether there is a malicious payload in that encrypted data,” the report notes.
Other issues include physical devices – virtualised and physical servers, employer-owned devices, cloud servers, employee mobile devices, and network devices such as routers and firewalls.
Cloud servers and systems were ranked as a security concern for 40% of respondents.
ExtraHop SVP of marketing Bryce Hein says that network visibility has never been more critical.
"Organisations need to be able to see into east-west traffic to identify threats in the growing number of cloud workloads, as well as get visibility into which devices are accessing enterprise resources. The fewer tools, less time, and less friction required to get that visibility, the better.
"Choose tools that use machine learning to provide improved analytics for access to the right data in less time," says report author Ian Reynolds. "This might assist in meeting staffing concerns and provide faster resolution of unexpected behaviours, threats and incidents."