Besieged by threats and struggling with increasingly outdated infrastructure, organisations are revisiting their security architectures to boost dismal levels of confidence in their cybersecurity defences, a Cisco security expert has found in the wake of the company's latest security research.
Low confidence in existing infrastructure – just 45 percent of those surveyed in the Cisco 2016 Annual Security Report said they were confident in their cybersecurity defences – had highlighted a situation where many organisations still haven't made use of security capabilities in their existing equipment.
“We're seeing a renaissance in interest in network segmentation and application-centric infrastructure,” ANZ general manager for security sales Anthony Stitt told CSO Australia, noting that security had become a key use-case for the software-defined networking (SDN) paradigm that has recently gained prominence within networking offers from Cisco and other vendors.
“We're seeing a lot more interest from customers in turning on latent capabilities that they have in their networking infrastructure,” he explained. “They're marrying those together with identity and user and other forms of context, to enforce segmentation. There's an increasing level of interest around security architectures as a key risk mitigation strategy.”
Risk mitigation has become an increasingly important focus for CSOs and business executives alike, with 92 percent of respondents to the Cisco survey agreeing that regulators and investors increasingly expect cybersecurity risk to be managed as part of a company's overall risk posture.
That had become more difficult, however, with fewer organisations staying up-to-date with security patches and new technologies for security protection. The number of organisations saying that their security infrastructure was up-to-date dropped 10 percent from 2014 to 2015, the report found, with 92 percent of Internet devices running with known vulnerabilities and 31 percent of devices no longer supported or maintained by their vendor.
“There are some basic things that aren't being done,” Stitt said, noting that the findings highlight a new normal in which “compromised systems are probably a normal state.”
“Organisations need to move to balancing their budget a bit,” he continued, “with security spending focused more on detection and response – the 'during' and 'after' phases. This is to be able to clean up quickly and easily with low cost as a business-as-usual activity, rather than the current state that can be expensive and time consuming.”
Increasingly high-profile ransomware had spooked many executives and security practitioners, who Stitt said have gained a “much heightened perception of their lack of ability to protect themselves” while struggling to deal with increasing use of encryption and the need for security equipment to be able to examine encrypted traffic in-stream.
Given the growing need for, and use of, endpoint security tools, the poor handling of encryption had remained “the elephant in the room for about 10 years now,” Stitt said, calling out “the rather sorry state of endpoint protection”.
Encryption “really makes a lot of point technologies not very effective,” he explained. “Most organisations don't have equipment with the necessary CPU grunt to be able to do the decryption work. I've been through countless exercises with customers where they've taken encryption off the table as a consideration, because they knew it would have increased the cost of the solution to the point where it wasn't affordable.”
Adequate investment and a concerted focus on improving security posture can, however, pay off: Stitt pointed to Cisco's own internal security practices, in which growing reliance on threat-intelligence tools had steadily shortened the company's response-time metrics from more than 40 hours to less than 24 hours on average.
The average time between attack and remediation has recently emerged as a key metric of security-policy effectiveness: newly-minted security firm Forcepoint, for one, has positioned its 'dwell time' metric as a key tool to facilitate discussions about cybersecurity posture between security and business stakeholders.