Ignoring network automation is a ticking time bomb for security

IT professionals are frustrated due to the rise in network update velocity and tech stack sprawl, lack of support from leadership, and disagreements and concerns about the approach to resolving network issues, according to BackBox.

Network and security device updates are crucial, but they are time-consuming and prone to human error when managed manually. 92% of network security and operations pros say there are more network updates needed than they can keep up with.

Lack of network automation puts companies at risk

And 98% agree that automated network operations will allow their team to focus on more impactful work. In addition, 96% of respondents say that scaling the business is impossible without network automation.

While 61% of companies only upgrade network and security devices quarterly or less frequently, 48% of survey respondents say their company has not implemented or invested deeply in network automation, opening them up to security breaches and other serious issues.

“Network operations professionals must stay ahead of malicious actors by keeping every network and security device up to date and configured according to internal policy or best practice standards like the Center for Internet Security Benchmarks,” said Andrew Kahl, CEO of BackBox. “A rigorous backup strategy for these devices is also critical to ensure fast recovery in the event of an outage. But lacking the tools to execute these preventative tasks at scale, and without interrupting daily network operations, netops teams tend to let them drop to the bottom of their to-do list.”

Network professionals lack confidence

As automation becomes increasingly necessary, network professionals are not confident they can implement it without disruptions, and that leadership will support their efforts. In fact, 93% indicate there is something they dislike about their company’s approach to network automation.

The most common issue they cite about their company’s current approach is that it’s difficult to add new automations without impacting current operations. 76% do not completely trust their organization’s current approach to automating network changes. In addition, 33% say their leadership is skeptical of automation.

However, among respondents that have implemented or invested deeply in network automation, 83% are mostly or completely confident in their ability to rapidly restore their network from backup within a few minutes of an outage or misconfiguration.

Ignored vulnerabilities result in network breaches

Among those who have network issues that require manual work, 76% agree their team often addresses these by fixing the immediate problem and not addressing the root cause. That number jumps to 93% for companies that haven’t invested deeply in automation.

Postponing updates means leaving known vulnerabilities in the network— making a breach all but inevitable. 64% of those that have not implemented or invested deeply in network automation say their most recent breach was the result of a known vulnerability.

Growing tech stacks make network updates more difficult

On average, network security and operations professionals make use of four tools for network automation, including 45% who use five or more. Leveraging so many tools results in a siloed approach to management and a fragmented response in disaster recovery scenarios, and leaves leadership without a unified view of automation strategy and outcomes.

As tech stacks grow, it becomes more difficult to keep networks up to date, and larger companies are less likely to maintain updates than their smaller-sized colleagues. In fact, 68% of those with 1,000 or more employees only update their network and security devices quarterly or less often, compared to 53% of companies with 500-999 employees.

A record 26,448 software security flaws were reported in 2022, with the number of critical vulnerabilities up 59% from 2021, according to an analysis by The Stack on Common Vulnerabilities and Exposures (CVEs) data.

“These numbers are the equivalent of a new CVE being identified every 20 minutes and illustrate the pressure to regularly update device operating systems to patch vulnerabilities,” said Josh Stephens, CTO of BackBox. “I recommend that companies automate the deployment of patches and upgrades for firewalls and other network devices as a part of a weekly schedule, with the ability to inject high-priority upgrades in near real-time, as a part of their network automation and cybersecurity strategies.”

Overcoming barriers to increasing network automation

Overcoming barriers to increasing network automation may be difficult, but it is crucial to make the most of network security and operations professionals’ expertise. 98% agree it will allow their team to focus on more impactful work.

Despite their frontline role safeguarding all aspects of an organization’s operations, network professionals can feel taken for granted – 92% feel their team is overlooked compared to other IT teams in their contributions to ensuring company security.