IT Pros Fall Short When Protecting Their Networks, Tripwire Finds
A new survey by Tripwire finds that while IT professionals are proactive in their attempts to protect networks, they aren’t as effective as they need to be.
When Are Endpoint Devices Affected?
While Tripwire found that nearly all of the IT professionals it spoke with used automated tools to track their networks, it was surprised to discover that few knew when configuration changes were made to endpoint devices.
In fact, 40 percent of respondents said that they had a “general idea” when a computer had been modified, and 17 percent had no idea.
Add that to the 10 percent of respondents who don’t track networks at all, and it’s a recipe for concern.
Network-Linked Configuration Changes Are Another Issue
Tripwire found that after an endpoint device had been reconfigured by an attacker, 40 percent of respondents wouldn’t detect the change for hours.
Another 22 percent of IT professionals said it could take days to find the configuration change.
By then, the endpoint has been infected and may be replicating its payload across the network.
Patches Don’t Always Work
When examining health care and financial industries—two sectors that must safeguard extremely sensitive customer information—Tripwire discovered that patches don’t work nearly as well as IT professionals would like. On the health care side, just 26 percent of IT professionals said that their patches worked 90 to 100 percent of the time.
Financial firms performed even worse, with just 23 percent of respondents saying they have been able to patch issues 90 to 100 percent of the time.
That’s a lot of holes left unplugged.
Effectiveness of Vulnerability Scanning Systems Is Mixed
In one of the few high points in the Tripwire survey, the security firm found that 38 percent of companies know for sure how long it would take for “vulnerability scanning systems” to alert them to an unauthorized device joining the network. However, 21 percent of IT professionals either don’t know how long it would take or don’t have a vulnerability scanner running on their networks that would search for unauthorized devices.
Government Agencies Are Slow to Fix Flaws
In its survey of government IT professionals, Tripwire asked how long it takes for vulnerabilities to be discovered and “promptly” patched.
A whopping 15 percent of respondents said issues remain unpatched within 60 days, and a third of IT professionals said fixing the issue will take between 31 and 60 days.
Approximately half of government IT professionals say they can fix vulnerabilities within 30 days.
Smaller Companies Are Less Effective at Controlling File Access
Malicious users attempting to access sensitive files is obviously one of an IT professional’s chief concerns. However, just two-thirds of companies with annual revenue of $5 billion or more can detect when an unauthorized user tries to access networked files.
And for smaller companies, that figure drops to 58 percent.
A surprisingly large number of companies, in other words, have no idea if someone—an employee, hacker or anyone else—is gaining unauthorized access to data files.
Finance Industry Automation Leaves Much to Be Desired
Heading back to the finance industry, Tripwire wanted to know how much information could be obtained about unauthorized devices connecting to the network. Just 39 percent of respondents said that they could “pick up all the information necessary” to know for sure where and what the device is. Nearly 20 percent of IT professionals say that they have no way of identifying the unauthorized devices.
Those companies, in other words, are flying blind with no way of knowing which devices need to be kicked from the network. Yikes.
Hardware Discovery Matters—but It Doesn’t Always Work
Controlling device access to corporate networks is a first line of defense against malicious hackers. However, just 16 percent of respondents said that they can always find out when hardware connects to the corporate network.
A whopping 40 percent of IT professionals know 50 percent of the time or less when new hardware is connecting to their networks.
IT Professionals Lack Key Information to Prevent Hacks
According to Tripwire, IT professionals clearly understand that they need to know what’s connecting to their networks and when.
The trouble, however, is that it often takes too long to get that information, and all the while, hackers could be running amok, stealing information and crafting nasty scenarios that those IT professionals will eventually need to deal with.
As Tripwire’s Director of IT Security and Risk Strategy Tim Erlin notes, the study shows “IT managers and executives … are missing key information that’s necessary to defend themselves against cyber attacks.”
With cyber-attacks on the rise and data at risk, enterprises are trying to take the right steps to detect network breaches and protect data resources, according to the findings of a survey by security firm Tripwire. However, while IT professionals are proactive in their attempts to protect networks, they don’t have a clear understanding of the defenses they’re employing. What’s worse, the study shows that most IT professionals have only a “vague” idea of how long it would take to identify an attack and resolve the issue, which calls into question just how safe corporate data really is.
In fact, many IT professionals won’t discover a cyber-attack until months after it’s happened—long after perhaps gigabytes of sensitive corporate data have been spirited away.
This slide show covers Tripwire’s findings, which are based on a survey of more than 760 IT professionals across both the public and private sectors.
In the end, however, the findings are clear.
IT professionals want to safeguard corporate networks, but they aren’t as effective in carrying out that task as they need to be and they are painfully aware of that condition.
Don Reisinger is a freelance technology columnist. He started writing about technology for Ziff-Davis’ Gearlog.com. Since then, he has written extremely popular columns for .com, Computerworld, InformationWeek, and others. He has appeared numerous times on national television to share his expertise with viewers. You can follow his every move at http://twitter.com/donreisinger.