With both infrastructure systems and cyber attacks growing in complexity, the study revealed that enterprises find it challenging to defend their networks and applications. DNS attacks are the most frequent and difficult to defend against, and have the highest impact on enterprises.
“We’ve had some notable public attacks, both DDoS and scripting issues,” said a director of technology in a recent focus group, referring to the increasing difficulty in defending against attacks. “We’ve changed our entire policy and our infrastructure in the past year because of these things.”
The effects of DNS and encrypted data attacks are wide-sweeping across industries, with the typical cost per organization for a 12-month period being $682,000, according to the survey.
More than 50 percent of enterprises claimed loss of productivity, 43 percent of respondents reported loss of data, and 31 percent reported loss of revenue. Other costs that enterprises incur from attacks include loss of customer trust, regulatory fines, and theft of money or goods.
Traditional safeguards fall short in the face of constantly evolving threats. Of those surveyed, 42 percent had a firewall fail due to network-layer DoS traffic load in the past 12 months, and 36 percent had one fail during an application-level DoS attack.
Thirty-eight percent of respondents reported that traditional safeguards perform less than “somewhat well” in understanding traffic context and protecting against complex, blended threats.
“In the past three or four years, we’ve expanded the use of our Application Delivery Controllers (ADCs),” said a director of technology during the focus group. “We had two things that were driving it: security concerns and our ability to implement more Web 2.0 applications.”
IT is considering ADCs for security use, with one-third of respondents already using ADCs for security, and virtually all of them discussing it. According to the survey, only 8 percent believe their traditional safeguards are sufficient and there is no need to consider ADCs. In contrast, 92 percent see specific security roles for ADCs, and half of respondents believe that ADCs can replace many or most traditional safeguards.
“With an ADC, at least if you do have an attack on it, you have the flexibility to adapt and shut down that attack vector, and your entire network or application is not compromised,” said a senior systems analyst participating in the focus group. “You can isolate the threat from the rest of the system.”
Unify the security framework – Organizations should increase communication between security silos to get a full network security profile. Traditional security technologies focus only on a narrow slice of potential attack vectors. When an organization deploys security in silos—perimeter protection, application layer protection, data protection, etc.—it loses sight of the context of what is occurring within each silo, and how that might affect the others.
Understand attack context – Many attacks are blended across network, protocol, user, and application. Unifying security across layers L3–L7 in the network stack gives an organization the ability to better identify, defend, and adapt to these blended threats. It gives organizations an edge over attackers by making it more difficult to exploit a particular vulnerability across many vectors.
Respond and adapt – Because new exploits and vulnerabilities are introduced constantly, an organization’s security framework must respond quickly to evolving threats. Companies should seek solutions that can rapidly adapt and even help anticipate potential vulnerabilities.
Scale to combat attacks – As evidenced by the recent Anonymous and LulzSec attacks, hackers can utilize massive, global, and random attack patterns. Any approach must be able to withstand the sheer size and scope of today’s attacks, and do so cost-effectively.
Build a robust community – Organizations can benefit by leveraging the combined power of a user community to mitigate the growing and changing landscape. A strong community of like-minded individuals can provide shared wisdom and insight, resulting in enhanced visibility, command, and control. With active contributions from a focused community, dynamic threat response and adaptability can be improved for all.