ExtraHop, a cloud-native network detection and response provider, has announced the results of a SANS Institute survey, Network Visibility and Threat Detection
According to the report, more than 64 per cent of respondents reported suffering at least one successful attack within the last year, and 59 per cent believe a lack of network visibility poses a high or very high risk to their operations. Perhaps most concerning in light of the recent large-scale shift to remote work, 44 per cent of respondents see employee desktops as the most likely attack vector.
As enterprise organisations and government agencies grapple with how to enable, manage, and secure newly distributed remote workforces, network visibility is more critical than ever as they adjust to the new IT reality. The survey exposes major gaps in enterprise security, including that 98 per cent of respondents are concerned about their ability to see into encrypted traffic, while more than 80 per cent identified east-west traffic and network connected devices as areas of opacity.
“Having visibility of every device and how they are meant to behave on your network is crucial to understanding what constitutes normal traffic and what could be considered a deviation,” writes survey author Ian Reynolds.
Bryce Hein, senior vice-president of marketing at ExtraHop, concurs. “At a time when organisations are rapidly transitioning to remote work and cloud usage is surging, network visibility has never been more critical,” said Hein. “Organisations need to be able to see into east-west traffic to identify threats in the growing number of cloud workloads, as well as get visibility into which devices are accessing enterprise resources. The fewer tools, less time, and less friction required to get that visibility, the better.”
In addition to identifying critical gaps in network visibility, major survey findings include:
-Growing complexity within the enterprise environment. More than 93 per cent of respondents indicated that they manage more than a thousand endpoints, and almost 90 per cent manage between hundreds to thousands of servers.
-Lack of cloud visibility affects security posture. Forty per cent of respondents identified cloud-based systems as a potential entry point for malicious actors. At the same time, only 17 per cent reported high visibility into their lateral communication inside their network (east–west traffic), including all cloud traffic.
-Need to reduce tool sprawl. The majority of companies use tooling from more than 10 vendors, with nearly one-fifth utilising more than 20. Sixty eight per cent of respondents expressed a desire to reduce the complexity of their systems by reducing the overall number of tools involved in their operations.
The survey also found that, while organisations want more network visibility, there are operational impediments. Lack of staff (62 per cent), lack of time—including having other issues with greater importance—(51 per cent) and lack of appropriate skills in the existing staff (46 per cent) were the leading concerns.
According to Reynolds, machine learning will play a vital role in overcoming these challenges. “Choose tools that use machine learning to provide improved analytics for access to the right data in less time,” he writes. “This might assist in meeting staffing concerns and provide faster resolution of unexpected behaviours, threats and incidents.”