Today’s CIO is busier than ever. There is a myriad of issues that must be managed at all times, and those issues are growing daily. Keeping up can seem like a Herculean task. Of course, the biggest stress inducer is arguably security and the task of securing enterprise networks is getting more challenging by the day. Just look at the devastation caused by WannaCry. It crippled mission-critical systems at organisations like the National Health Service in the UK, Renault in France, Telefonica in Spain and MegaFon in Russia.
Unsurprisingly, enterprise IT teams are working hard to stay ahead of the charlatans, but it’s not an easy battle because it’s so time- and resource-intensive. This trend is highlighted in the tenth annual State of the Network (SotN) survey of more than 1,000 CIOs, network engineers and IT directors, reinforcing the need for increasing security measures.
Prior to WannaCry, the Mirai botnet caused widespread damage in 2016 — yet another example of what can happen when cyber criminals get one step ahead of security systems and protocols. Since August last year, Mirai has been used in some of the biggest distributed denial of service (DDoS) attacks, targeting networked devices running on out-of-date versions of Linux.
For the most infamous example of what can happen when security breaches occur, you do not need to look any further than the 2016 U.S. elections, when hackers leaked reams of internal communications to the public. The extent of the impact on the outcome of the election will probably never be known.
In the enterprise IT realm, however, we do know the impact of security attacks. They are very costly, to say the least, in terms of money, lost data and potential damage to corporate reputation. In just the past year, the cost of each lost or stolen record containing sensitive information increased to an average of $221, and the average consolidated cost of a single data breach increased from $6.5 million to $7 million.
A day in the life of IT
Dealing with these types of ever-evolving, advanced security threats requires a great deal of vigilance and planning. With this in mind, the SotN survey turned up some very interesting data on how IT pros are coping. Some report highlights:
The study found that 88 per cent of the respondents said that they are active in troubleshooting some sort of security-related issues. Nearly 80 per cent of those reported that they now spend more time on these issues than before, with almost three out of four spending nearly 10 hours per week on them.
When asked about the nature of the security threats that they have faced in the past year, IT teams said that there is quite a rise in email and browser-based malware attacks (63 per cent), with increased threat sophistication. Also, one in three IT teams noted there has been a surge in DDoS attacks, and nearly a third report an increase in ransomware.
So, how have they been identifying and combating these issues? Nearly a third of the respondents said that Syslogs were the primary method for detecting these rampant security issues, while 23 per cent reported long-term packet capture as the primary method. For 15 per cent of respondents, tracking of performance anomalies is their clue that something is amiss. Yet IT pros are still struggling with attacks, despite the fact that security is the number one spending priority for CIOs.
Beyond security, a number of other trends and issues are driving the network team workload. Today’s IT teams report that bandwidth usage among enterprises continues to grow at a rapid rate, with two out of three respondents expecting the demand for bandwidth to increase by up to 50 per cent in 2017. This surging data trend is resulting in increased adoption of emerging technologies such as software defined networks (SDN), private and public clouds, and gigabit Ethernet. Network teams have been forced to manage these initiatives while at the same time dealing with the incredible rise in security threats.
Where do we go from here?
So, what can IT professionals do to make their lives easier in the future?
1) Know your “normal.” It’s absolutely critical to recognise abnormal traffic patterns to pinpoint a security issue or a sustained attack. Start by analysing network traffic and behaviours, either manually or through a freeware analyser like Wireshark. You could also use automated benchmarking in commercial network performance monitoring and diagnostic (NPMD) tools.
2) Invest in remediation. A recent Mandiant M-Trends report said that the median number of days attackers spent on a victim’s network before being noticed or identified was 146 days. That’s quite a long time, especially considering the fact that on average, companies spend more than $10 billion a year on preventative security measures such as firewalls, data loss prevention, intrusion detection systems and other traditional security tools. Yet, clearly this isn’t working — roughly 90 per cent of U.S. companies have been successfully hacked. Companies need to actively invest in remediation strategies to improve detection and validate malware clean-up. By using complete packet capture with retrospective analysis, network teams can go back to the time of the incident and discover exactly what the hackers were able to get their hands on.
3) Facilitate security-network team collaboration. It’s very important that enterprises ensure successful collaboration between security and network teams on investigations with workflows, and integration between network forensics, performance management tools and security.
Lastly, for data centres and large enterprises with high data traffic, a purpose-built appliance with its own analytics could be a viable option for advanced security forensics. There are appliances – depending on size and volume – that can capture and store up to a petabyte of network traffic for analysis at a later time, allowing room for growth in future organisation network demand.
Increased visibility and analysis of network traffic not only simplifies forensic investigations to more quickly determine exactly what data was targeted, but it also helps with troubleshooting ongoing performance issues without having to wait for an anomaly to repeat itself. For many enterprises, network forensics capability could mean the difference between effectively identifying a hacker or missing the breach entirely.
As long as the data stored in our networks continues to represent a valuable prize for hackers, we will never be completely free of security concerns. From IT system administrators to CIOs, we need to remain vigilant and be sure that our security defences are strong and up-to-date. Because the price of leaving your network vulnerable to attack is simply too high to risk.
Doug Roberts, VP and General Manager, Viavi Solutions