8/11/2019 Building a Better Network Security Strategy
Building a Better Network Security Strategy
January 2014
Introduction
In today's global, always-on world, network security is crucial. Enterprises need to ensure that employees
accessing their networks are secure at all times. To accomplish this, a comprehensive network security strategy
must address a number of factors including how to increase network reliability, efficiently administer security,
and guard against evolving threats and new attack techniques.
For most companies, the security challenge is becoming more complex. Today's mobile workforce and the use
of personal smartphones, laptops, and tablets for company work introduce new potential problems to guard
against. And hackers are not sitting still. Cyberthreats are constantly morphing and becoming ever-more
sophisticated.
A recent survey of IT professionals who manage network security, conducted by Slashdot Media, asked four key
questions about network security concerns and the important factors when selecting a network security
solution. Here are the results of that survey.
Question 1: When it comes to a network security solution, which factor is most important to your organization?
Security-related vulnerabilities leave companies open to a number of problems and expose them to many risks.
Systems can be compromised, information can be stolen, and workers and customers can have problems
accessing resources they are authorized to use.
When looking for a network security solution to protect corporate systems and data and minimize exposure to
risk, the top factor for such a solution, cited by nearly half (about 48 percent) of the survey respondents, was
network reliability.
[Chart: Cost 23%; Ease of Integration 20%; Network Features 9%; Network reliability 48%]
It is easy to understand why this is the top choice. Malicious attacks today can cripple servers and significantly
reduce the performance of critical applications. Some attacks, such as denial of service attacks, prevent
workers and clients from accessing systems and accounts. In any of these instances, business is impacted.
Worker productivity drops and revenues decline. And if customers cannot complete an order or transaction,
they might defect to a competitor.
A security-related outage also can have other financial implications. An inopportune web site outage, such as if
a major retailer's site goes down on Cyber Monday, can generate large volumes of negative publicity.
Additionally, some industries mandate availability, having strict criteria with regard to access to specific
systems and some data. Inaccessible systems due to security problems might lead to regulatory violations,
penalties, and fines.
Beyond reliability, there are other issues that are common across any type of network solution. For example,
about 23 percent of the IT professionals surveyed ranked cost as their top concern with network security
solutions. This should not be surprising given that IT budgets have been tight over the last few years, and are
only expected to grow modestly this year.
And roughly 20 percent indicated ease of integration was their top concern. With IT departments being called
on to do more with fewer resources, it is natural to want a solution that can be up and running without a large
investment in staff time.
Rounding out the answers, about 9 percent of the respondents cited network features as a key factor in their
selection of network security solutions.
Question 2: Which type of network attack is your IT organization most concerned about?
[Chart: Compromised-key attack 12%; Denial-of-service attack 24%; Eavesdropping 24%; Identity or IP address spoofing 15%; Man-in-the-middle attack 15%; Sniffer attack 10%]
http://www.computerweekly.com/news/2240210150/IT-budgets-to-rise-by-3-in-2014-as-companies-step-up-spending-on-mobile
Hackers today employ a wide variety of techniques to attack company networks. The survey found that IT
professionals are most worried about two particular types of attack: denial-of-service and eavesdropping.
Both were selected as the top concern by roughly 25 percent of the respondents each. Considering recent
events, it's not surprising that the combined results of the two types of attacks made up nearly half of all
respondents.
Distributed denial-of-service (DDoS) attacks continue to draw lots of attention. DDoS attacks against
commercial entities have proven to be effective at disrupting business and bringing attention to causes
espoused by hacktivists. For example, by leveraging massive botnets consisting of compromised PCs and
servers, hackers have launched a number of highly publicized and highly disruptive DDoS campaigns against
U.S. banks.
Eavesdropping has always been a concern, but perhaps its high showing in this survey is due to the increased
news coverage in 2013 of this technique used by the NSA. Depending on the level of sophistication of the
attack, hackers can steal passwords and user accounts, files, transactional data, and even listen in on VoIP
conversations, in short all types of communication that travel over a network.
Following a bit behind denial-of-service and eavesdropping attacks were another two equally ranked
techniques: IP address spoofing and man-in-the-middle attacks. Roughly 15 percent of respondents each
selected these network attacks as the one they were most concerned about. While these attacks are quite
different, they both rely on tricking users or host systems into thinking they are communicating with a trusted
source.
Rounding out the list, compromised-key attacks were selected as the top concern of fewer than 12 percent of the
respondents and sniffer attacks were chosen by about 10 percent of the respondents.
Question 3: In terms of mobile vulnerabilities, what concerns your IT team the most?
[Chart: Malicious applications 54%; Mobile browser vulnerabilities 17%; Mobile OS (iOS, Android) vulnerabilities 29%]
http://www.informationweek.com/attacks/us-bank-hack-attack-techniques-identified/d/d-id/1108089?
http://www.politico.com/story/2013/12/technology-giants-nsa-eavesdropping-100856.html
Today's increasingly mobile workforce and the rapid adoption of bring-your-own-device (BYOD) policies are
placing new demands on network security. More users need remote access to corporate applications and data
from mobile devices. And in many cases, IT has little control over the devices and, thus, cannot lock them down
as they might a company laptop, notebook computer, or smartphone.
Workers with company-issued mobile devices and those who use their own devices typically have complete
freedom in which apps they download from the iTunes Store, Android Market, Google Play, or the Apps for
Windows Store. Unfortunately, the number of unsafe apps is on the rise. An HP test of more than 2,000 apps in
2013 found that 90 percent of them had security vulnerabilities. Another study found that malicious mobile
apps jumped 614 percent in 2013.
This represents a great threat to corporate data. Not surprisingly, 54 percent of the survey respondents rated
malicious applications as their top mobile security concern.
Following malicious mobile apps, 29 percent of the respondents rated mobile OS vulnerabilities as their top
mobile security concern. Both Android and iOS have certainly had their problems. For example, iOS 7 patched
80 vulnerabilities in iOS 6, addressing bugs that could allow malicious code execution, determination of a user's
password by an app, and the ability to intercept data protected by IPSec Hybrid Auth.
The remaining 17 percent of the respondents selected mobile browser vulnerabilities as their top concern. As
more business and ecommerce is done using mobile devices, hackers are using similar techniques that have
worked so well with desktop browsers to steal information and compromise mobile devices. Adding to the
problem is that the small screen size on smartphones makes it harder for users to verify whether their browser
is using a security protocol (SSL or TLS) when connecting to different sites.
Question 4: How many full-time employees do you need to effectively manage network
security in your IT organization?
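[Chart: full-time employees needed to manage network security. Categories: 1 to 2; 3 to 4; 5 to 6; 7 or more. Plotted values: 43%, 16%, 8%, 22%, 11%.]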
http://www.networkworld.com/news/2013/111813-hp-ios-vulnerabilities-276063.html
http://www.computerworld.com/s/article/9240772/Mobile_malware_mainly_aimed_at_Android_devices_jumps_614_in_a_year
http://www.zdnet.com/ios-7-patches-80-vulnerabilities-7000020873/
IT departments today are being called on to do more to support the growth of the business. IT increasingly is
seen as a key differentiator that will help companies roll out new products and services more quickly. This
attention by IT is needed to help companies respond to fast-changing market conditions.
Unfortunately, a great portion of IT staff time is spent handling day-to-day operational issues, keeping systems
running, and troubleshooting and fixing problems as they occur. Additionally, the changing nature and
increased sophistication of cyberthreats can sap even more IT time because staff needs to manage security
solutions as well.
According to the survey, companies today must dedicate a fair number of full-time IT staff to manage network
security. About 23 percent of respondents indicated they need 7 or more people to manage their network
security. About 8 percent need 5 or 6 people. And roughly 16 percent need 3 or 4 people.
Several factors could help reduce these numbers going forward. Going back to the findings in Question 1,
network reliability and ease of integration were cited as top factors with network security solutions. Selecting a
solution that is easy to integrate and that improves network reliability would free up IT staff to work on other
tasks more critical to a company's success.
Conclusion
Security threats are growing in complexity. Hackers and cyberthieves are using new techniques and more
sophisticated attacks to compromise systems and steal data.
Combating new attacks, while guarding against tried and true methods of infecting computers and infiltrating
company networks, requires network security solutions and a network security strategy that address network
reliability, cost, and integration issues. Suitable solutions must offer network features and guard against
denial-of-service, eavesdropping, IP address spoofing, man-in-the-middle, and other attacks. A solution and a strategy
must do this all while protecting against mobile threats.
IT professionals responsible for network security need solutions that help them find as many security
weaknesses as possible, fit into the normal IT management workflow, and are easy to use.
About HP Enterprise Security Products
Today's organizations are facing the most aggressive threat environment in the history of information technology. Emerging computing trends have
greatly increased productivity and business agility but, at the same time, have introduced a host of new risks. Actionable security intelligence is
critical to protecting your organization from this rising tide of security threats.
HP is a leading provider of security intelligence and compliance solutions for enterprises that want to mitigate risk and defend against today's most
advanced threats. Based on market-leading products from ArcSight, Atalla, Fortify and TippingPoint, HP Enterprise Security Products enables
organizations to take a proactive approach to security, integrating information correlation, application analysis and network-level defense. HP
Security Research strengthens this portfolio of solutions through innovative research, delivering actionable security intelligence while providing
insight into the future of security and the most critical threats facing organizations today. For more information about HP Network Security, click
here.
http://www8.hp.com/us/en/software-solutions/software.html?compURI=1346240#.UsswOWez54U