Q&A: Dealing with complacency in network security

As security breaches continue to dominate headlines, businesses of all sizes and in all industries simply cannot afford to underestimate the importance of network security.

We recently spoke to Larry Zulch, President & CEO of Savvius, about the current threat landscape and the top network attacks that IT managers need to be aware of at the moment.

  1. What's new with Savvius at the moment?

Savvius has undergone a huge shift over the past year. Although there was a lot of value in the previous WildPackets brand, we felt that the name didn’t properly convey the company’s ambitions, so we rebranded the company to Savvius. Since then, we have updated our Omnipeek and Omnipliance solutions, and added a couple of new products: Savvius Insight, a mini network monitoring appliance; and Savvius Vigil, a high-performance network traffic analytics appliance that also enhances post-breach incident response.

At the moment we’re developing new security-focused software based on our decades of experience with packets. We’re also continuing to develop partnerships with other technology leaders, such as IBM and Cisco, that enable our products to integrate more closely with their network appliances to offer deep insights and seamless access to network monitoring and troubleshooting.

  2. What are the top network threats that IT managers should be aware of at the moment?

Perhaps the biggest issue right now is complacency. A lot of IT managers are naïve about the ability of their networks to detect and prevent network breaches. They don’t realise that there is constantly a target on their backs. This is especially true at SMBs, which often incorrectly presume that they’ll be overlooked by hackers in search of bigger companies. That was true a few years ago when the time and effort to hack an SMB was better spent on larger enterprises.

Today, hackers have sophisticated tools that automate the process of exploiting unpatched vulnerabilities. That makes it far easier and more profitable for hackers to go after companies of any size. And that’s why there’s no room for complacency when it comes to network security. There will always be new zero-day threats to deal with, but the landscape is exploding with new IoT devices that also introduce additional points of entry into a network. Some of the biggest issues are still the ones caused by well-documented vulnerabilities that haven’t been patched.

  3. How has the developing threat landscape changed the roles of network managers and security professionals in recent years?

Hackers have a lot of sophisticated tools at their disposal, including many automated hacks that make it possible to constantly bombard enterprise networks, looking for a point of entry. This has dramatically increased the number of alerts generated by the enterprise’s IDS / IPS / SIEM devices, and makes it almost impossible for IT or security teams to investigate. In fact, most companies only have the manpower to investigate around 5 per cent of the threats they receive on a daily basis.

That means that network managers and security professionals are under increasing pressure to find tools that will help them automate the capture of suspicious network data and allow them to process threat incidents faster. So it’s a matter of investigating more incidents in real time, shrinking the time required to discover breaches, and finding ways to reduce post-breach MTTR.

  4. How big of a role will education and training play in the future of network security?

The importance of proper education and training cannot be emphasised enough. It starts with all employees, not just the ones in the IT or security teams. Everyone needs to understand the dangers posed by phishing scams and other vulnerabilities related to human error. There are a lot of breaches that can be avoided through appropriate company-wide education – and it needs to be done regularly. Then for the IT and security teams, it’s vital that they are trained on the use of incident response tools so that threats can be dealt with quickly. You need the right tools and the training to use them.

  5. What advice would you offer to companies struggling to secure their network?

Take network security seriously. Don’t delay in getting an independent, external security team to handle an investigation if you feel out of your depth. These teams can really speed up the post-breach remediation process. Most companies have some kind of IDS / IPS / SIEM / Firewall equipment in place, but they also need to be prepared for occasions when these precautions fail.

Ensure that your staff are familiar with incident response tools so that they can go into action as soon as a breach is discovered.
