Building a Better Network Security Strategy

8/11/2019 Building a Better Network Security Strategy

1/6

Building a Better Network Security StrategyJanuary 2014


2/6

Building a Better Network Security Strategy 2

http://t2.gstatic.com/images?q=tbn:ANd9GcQxQU-LHKSGH1e3MoBDUBg3jp-fcWOZaYnEVufnjkhICp3AVLT-

Introduction

In today's global, always-on world, network security is crucial. Enterprises need to ensure that employees

accessing their networks are secure at all times. To accomplish this, a comprehensive network security strategy

must address a number of factors including how to increase network reliability, efficiently administer security,

and guard against evolving threats and new attack techniques.

For most companies, the security challenge is becoming more complex. Today's mobile workforce and the use

of personal smartphones, laptops, and tablets for company work introduce new potential problems to guard

against. And hackers are not sitting still. Cyberthreats are constantly morphing and becoming ever-more

sophisticated.

A recent survey of IT professionals who manage network security, conducted by Slashdot Media, asked four key

questions about network security concerns and the important factors when selecting a network security

solution. Here are the results of that survey.

Question 1: When it comes to a network security solution, which factor is most important toyour organization?

Security-related vulnerabilities leave companies open to a number of problems and expose them to many risks.

Systems can be compromised, information can be stolen, and workers and customers can have problems

accessing resources they are authorized to use.

When looking for a network security solution to protect corporate systems and data and minimize exposure to

risk, the top factor for such a solution, cited by nearly half (about 48 percent) of the survey respondents, was

network reliability.

23%

20%

9%

48%

Cost

Ease of Integration

Network Features

Network reliability


3/6



It is easy to understand why this is the top choice. Malicious attacks today can cripple servers and significantly

reduce the performance of critical applications. Some attacks, such as denial of service attacks, prevent

workers and clients from accessing systems and accounts. In any of these instances, business is impacted.

Worker productivity drops and revenues decline. And if customers cannot complete an order or transaction,

they might defect to a competitor.

A security-related outage also can have other financial implications. An inopportune web site outage, such as if

a major retailer's site goes down on Cyber Monday, can generate large volumes of negative publicity.

Additionally, some industries mandate availability, having strict criteria with regard to access to specific

systems and some data. Inaccessible systems due to security problems might lead to regulatory violations,

penalties, and fines.

Beyond reliability, there are other issues that are common across any type of network solution. For example,

about 23 percent of the IT professionals surveyed ranked cost as their top concern with network security

solutions. This should not be surprising given that IT budgets have been tight over the last few years, and are

only expected to grow modestly this year.

And roughly 20 percent indicated ease of integration was their top concern. With IT departments being called

on to do more with fewer resources, it is natural to want a solution that can be up and running without a large

investment in staff time.

Rounding out the answers, about 9 percent of the respondents cited network features as a key factor in their

selection of network security solutions.

Question 2: Which type of network attack is your IT organization most concerned about?

12%

24%

24%

15%

15%

10%

Compromised-key

attack

Denial-of-service

attack

Eavesdropping

Identity or IP

address spoofing

Man-in-the-middle

attack

Sniffer attack
http://www.computerweekly.com/news/2240210150/IT-budgets-to-rise-by-3-in-2014-as-companies-step-up-spending-on-mobilehttp://www.computerweekly.com/news/2240210150/IT-budgets-to-rise-by-3-in-2014-as-companies-step-up-spending-on-mobile


4/6



Hackers today employ a wide variety of techniques to attack company networks. The survey found that IT

professionals are most worried about two particular types of attack: denial-of-service and eavesdropping.

Both were selected as the top concern by roughly 25 percent of the respondents each. Considering recent

events, it's not surprising that the combined results of the two types of attacks made up nearly half of all

respondents.

Distributed denial-of-service (DDoS) attacks continue to draw lots of attention. DDoS attacks against

commercial entities have proven to be effective at disrupting business and bringing attention to causes

espoused by hackavists. For example, by leveraging massive botnets consisting of compromised PCs and

servers, hackers have launched a number of highly publicized and highly disruptiveDDoS campaigns against

U.S. banks.

Eavesdropping has always been a concern, but perhaps its high showing in this survey is due to theincreased

news coverage in 2013 of this technique used by the NSA.Depending on the level of sophistication of the

attack, hackers can steal passwords and user accounts, files, transactional data, and even listen in on VoIP

conversationsall types of communication that travel over a network.

Following a bit behind denial-of-service and eavesdropping attacks were another two equally ranked

techniques: IP address spoofing and man-in-the-middle attacks. Roughly 15 percent of respondents each

selected these network attacks as the one they were most concerned about. While these attacks are quite

different, they both rely on tricking users or host systems into thinking they are communicating with a trusted

source.

Rounding out the list, comprised-key attacks were selected as the top concern of fewer than 12 percent of the

respondents and sniffer attacks were chosen by about 10 percent of the respondents.

Question 3: In terms of mobile vulnerabilities, what concerns your IT team the most?

54%

17%

29%Malicious applications

Mobile browser vulnerabilities

Mobile OS (iOS, Android)

vulnerabilities
http://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?http://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?http://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?http://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?http://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.htmlhttp://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.htmlhttp://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.htmlhttp://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.htmlhttp://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.htmlhttp://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.htmlhttp://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?http://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?


5/6



Today's increasingly mobile workforce and the rapid adoption of bring-your-own-device (BYOD) policies are

placing new demands on network security. More users need remote access to corporate applications and data

from mobile devices. And in many cases, IT has little control over the devices and, thus, cannot lock them down

as they might a company laptop, notebook computer, or smartphone.

Workers with company-issued mobile devices and those who use their own devices typically have complete

freedom in which apps they download from the iTunes Store, Android Market, Google Play, or the Apps for

Windows Store. Unfortunately, the number of unsafe apps is on the rise. AnHP test of more than 2,000 appsin

2013 found that 90 percent of them had security vulnerabilities. Another study found thatmalicious mobile

apps jumped 614 percentin 2013.

This represents a great threat to corporate data. Not surprisingly, 54 percent of the survey respondents rated

malicious applications as their top mobile security concern.

Following malicious mobile apps, 29 percent of the respondents rated mobile OS vulnerabilities as their top

mobile security concern. Both Android and iOS have certainly had their problems. For example,iOS 7 patched

80 vulnerabilities in iOS 6,addressing bugs that could allow malicious code execution, determination of a user'spassword by an app, and the ability to intercept data protected by IPSec Hybrid Auth.

The remaining 17 percent of the respondents selected mobile browser vulnerabilities as their top concern. As

more business and ecommerce is done using mobile devices, hackers are using similar techniques that have

worked so well with desktop browsers to steal information and compromise mobile devices. Adding to the

problem is that the small screen size on smartphones makes it harder for users to verify whether their browser

is using a security protocol (SSL or TLS) when connecting to different sites.

Question 4: How many full-time employees do you need to effectively manage network

security in your IT organization?

43%

16%

8%

22%

11%1 to 2

3 to 4

5 to 6

7 or more
http://www.networkworld.com/news/2013/111813-hp-ios-vulnerabilities-276063.htmlhttp://www.networkworld.com/news/2013/111813-hp-ios-vulnerabilities-276063.htmlhttp://www.networkworld.com/news/2013/111813-hp-ios-vulnerabilities-276063.htmlhttp://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_yearhttp://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_yearhttp://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_yearhttp://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_yearhttp://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/http://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_yearhttp://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_yearhttp://www.networkworld.com/news/2013/111813-hp-ios-vulnerabilities-276063.html


6/6



IT departments today are being called on to do more to support the growth of the business. IT increasingly is

seen as a key differentiator that will help companies roll out new products and services more quickly. This

attention by IT is needed to help companies respond to fast-changing market conditions.

Unfortunately, a great portion of IT staff time is spent handling day-to-day operational issues, keeping systems

running, and troubleshooting and fixing problems as they occur. Additionally, the changing nature and

increased sophistication of cyberthreats can sap even more IT time because staff needs to manage security

solutions as well.

According to the survey, companies today must dedicate a fair number of full-time IT staff to manage network

security. About 23 percent of respondents indicated they need 7 or more people to manage their network

security. About 8 percent need 5 or 6 people. And roughly 16 percent need 3 or 4 people.

Several factors could help reduce these numbers going forward. Going back to the findings in Question 1,

network reliability and ease of integration were cited as top factors with network security solutions. Selecting a

solution that is easy to integrate and that improves network reliability would free up IT staff to work on other

tasks more critical to a company's success.

Conclusion

Security threats are growing in complexity. Hackers and cyberthieves are using new techniques and more

sophisticated attacks to compromise systems and steal data.

Combating new attacks, while guarding against tried and true methods of infecting computers and infiltrating

company networks, requires network security solutions and a network security strategy that address network

reliability, cost, and integration issues. Suitable solutions must offer network features and guard against denial-

of-service, eavesdropping, IP address spoofing, man-in-the-middle, and other attacks. A solution and a strategy

must do this all while protecting against mobile threats.

IT professionals responsible for network security need solutions that help them find as many security

weaknesses as possible, fit into the normal IT management workflow, and are easy to use.

About HP Enterprise Security Products

Todays organizations are facing the most aggressive threat environment in the history of information technology. Emerging computing trends have

greatly increased productivity and business agilitybut at the same time, have introduced a host of new risks.Actionable security intelligence is

critical to protecting your organization from this rising tide of security threats.

HP is a leading provider of security intelligence and compliance solutions for enterprises that want to mitigate risk and defend against todays most

advanced threats. Based on market-leading products from ArcSight, Atalla, Fortify and TippingPoint, HP Enterprise Security Products enables

organizations to take a proactive approach to security, integrating information correlation, application analysis and network-level defense.HP

Security Research strengthens this portfolio of solutions through innovative research, delivering actionable security intelligence while providing

insight into the future of security and the most critical threats facing organizations today. For more information about HP Network Security,click

here.
http://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54Uhttp://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54Uhttp://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54Uhttp://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54Uhttp://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54Uhttp://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54U

Documents

Building a Better Network Security Strategy