Next-generation firewall adoption is on the rise, and poor change management processes are a major operations challenge, often resulting in network and application outages.
“Increasing complexity in network security not only impacts an organization’s ability to protect itself from cyber-threats, but also hampers business agility,” said Nimmy Reichenberg, Vice President of Marketing and Business Development, AlgoSec. “Based on the survey results, it’s clear that organizations are faced with increasing insider threats as well as rising risk of network and application outages, but process improvement and better security policy enforcement that leverages automation can provide significant dividends.”
Key findings from “The State of Network Security 2013: Attitudes and Opinions” include:
The greatest risk is from within - Two-thirds of respondents (64.5 percent) rated insiders as the greatest security risk. Roughly the same proportion of respondents (66 percent) expressed concern that allowing employees to “bring your own device” increased the risk of security breaches. About 40 percent reported that employee devices increase the overall risk of network and application outages.
Process is the problem - A majority of respondents (60 percent) cited poor processes and lack of visibility into security policies as the greatest challenge of managing network security devices.
Out-of-process increases out-of-service - More than three-quarters of respondents (76.6 percent) suffered a network or application outage due to an out-of-process change. This is an increase of 21.1 percent from last year’s findings.
Application-related rule changes gone awry - 80.6 percent of respondents suffered an outage, security breach or decreased network performance due to an application-related rule change.
Next-generation is now - The number of respondents that have adopted Next-Generation Firewalls (NGFWs) is now at 57 percent, up from 41.2 percent in 2012. Of those who have adopted NGFWs, a majority, 56.5 percent, reports that their objective is to improve protection from attacks. In exchange for increased security, 56 percent of respondents said they had increased work to manage the firewall process, with 46 percent citing they must make more changes.
Security in the cloud: still hazy? - Less than 20 percent of respondents said that the majority of their organization’s security controls were in the cloud. And, the larger the organization, the less likely it was to have cloud-based security.