Poor internal security processes spell disaster

Poor internal security management processes present more risk than malicious threats. More than 50 percent of an AlgoSec survey respondents incurred a system outage due to an out-of-process change.

“While industry focus naturally gravitates toward the latest buzzwords, such as “advanced persistent threats,’ we were pleasantly surprised to find that practitioners primarily voice concerns with how to better manage security,” said Nimmy Reichenberg, Vice President of Marketing and Business Development, AlgoSec. “Poor visibility into what is occurring in the network, insider threats and poor processes that result in out-of-process changes are responsible for much of the day-to-day risk. Regardless of latest attack vector or breach that makes headlines, it all goes back to strong security processes, visibility and control.”

Key findings from the survey include:

Out-of-process equals out-of-service – A majority of respondents (54.5 percent) indicated that an out-of-process change has resulted in a system outage.

Hands-on is out of touch – Nearly one-in-three respondents (30 percent) cited time-consuming manual processes as the greatest challenge to managing network security devices.

Enterprise risks are inside-out – When asked to cite the greatest risk to enterprise security, 28.7 percent noted a lack of visibility into networks applications while 27.5 percent highlighted insider threats, but less than 20 percent focused on external threats such as hackers.

Next-Generation Firewalls increase security, but there is no free lunch – Of the survey respondents that have implemented NGFWs, an overwhelming majority (84 percent) believe that the increased control and visibility these devices offer improves security, but simultaneously 76.1 percent complain that the size and complexity of policy management is creating more work – on average of about one hour per day (a 12.5 percent increase).

“We have seen next-generation firewalls capture the imagination of the security industry, as granular policies and controls cangreatly increase visibility into applications and users, but these controls are not without a cost, as additional work is required to manage them,” said Reichenberg.