Endpoint security in “sorry state” as execs lament low security confidence: Cisco

Besieged by threats and struggling with increasingly outdated infrastructure, organisations are revisiting their security architectures to boost dismal levels of confidence in their cybersecurity defences, a Cisco security expert has found in the wake of the company's latest security research.

Low confidence in existing infrastructure – just 45 percent of those surveyed in the Cisco 2016 Annual Security Report said they were confident in their cybersecurity defences – had highlighted a situation where many organisations still haven't made use of security capabilities in their existing equipment.

“We're seeing a renaissance in interest in network segmentation and application-centric infrastructure,” ANZ general manager for security sales Anthony Stitt told CSO Australia, noting that security had become a key use-case for the software-defined networking (SDN) paradigm that has recently gained prominence within networking offers from Cisco and other vendors.

“We're seeing a lot more interest from customers in turning on latent capabilities that they have in their networking infrastructure,” he explained. “They're marrying those together with identity and user and other forms of context, to enforce segmentation. There's an increasing level of interest around security architectures as a key risk mitigation strategy.”

Risk mitigation has become an increasingly important focus for CSOs and business executives alike, with 92 percent of respondents to the Cisco survey agreeing that regulators and investors increasingly expect cybersecurity risk to be managed as part of a company's overall risk posture.

That had become more difficult, however, with fewer organisations staying up-to-date with security patches and new technologies for security protection. The number of organisations saying that their security infrastructure was up-to-date dropped 10 percent from 2014 to 2015, the report found, with 92 percent of Internet devices running known vulnerabilities and 31 percent of devices no longer supported or maintained by their vendor.

“There are some basic things that aren't being done,” Stitt said, noting that the findings highlight a new normal in which “compromised systems are probably a normal state.”

“Organisations need to move to balancing their budget a bit,” he continued, “with security spending focused more on detection and response – the 'during' and 'after' phases. This is to be able to clean up quickly and easily with low cost as a business-as-usual activity, rather than the current state that can be expensive and time consuming.”

Increasingly high-profile ransomware had spooked many executives and security practitioners, who Stitt said have gained a “much heightened perception of their lack of ability to protect themselves” while struggling to deal with increasing use of encryption and the need for security equipment to be able to examine encrypted traffic in-stream.

Given the growing need for, and use of, endpoint security tools, the poor handling of encryption had remained “the elephant in the room for about 10 years now,” Stitt said, calling out “the rather sorry state of endpoint protection”.

Encryption “really makes a lot of point technologies not very effective,” he explained. “Most organisations don't have equipment with the necessary CPU grunt to be able to do the decryption work. I've been through countless exercises with customers where they've taken encryption off the table as a consideration, because they knew it would have increased the cost of the solution to the point where it wasn't affordable.”

Adequate investment and a concerted focus on improving security posture can, however, pay off: Stitt pointed to Cisco's own internal security practices, in which growing reliance on threat-intelligence tools had steadily shortened the company's response-time metrics from more than 40 hours to less than 24 hours on average.

The average time between attack and remediation has recently emerged as a key metric of security-policy effectiveness: newly-minted security firm Forcepoint, for one, has positioned its 'dwell time' metric as a key tool to facilitate discussions about cybersecurity posture between security and business stakeholders.

Stories by David Braue
