Traditional Security Safeguards Insufficient, New Study Finds
Results from a new application delivery networking survey took stock of the effects on enterprises of complex network attacks and what security measures they’re taking to guard against them. It’s always been a race between IT security admins and hackers, but the survey results are startling. One-third (36 percent) reported that their firewalls had failed under the load of denial-of-service (DoS) attacks at the application layer, 42 percent had a DoS-related firewall failure at the network layer), and all 1,000 large corporations (spread among 10 countries) reported losses from cyber attacks within the last year at an average cost of $682,000.
According to the report, “the front line has shifted from layer 4 to layer 7 attacks. While most traditional safeguards can handle layer 4 threats like SYN Flood DoS attacks, layer 7 threats, such as SlowLoris, are trickier. They get by layer 4 defenses because they look like legitimate traffic.
“In effect,” the report notes, “hackers have raised the ante. It is now IT’s turn to respond.” Application delivery controllers (ADCs) are one possible solution, since they understand the context of the network traffic and manage all layers, and 92 percent of respondents said they “see specific roles for ADCs.” In fact, one-third of respondents already use ADCs for security, and half of all respondents “say ADCs can replace many or most traditional safeguards.”
Of the top types of attacks, the five toughest to combat are DNS, network layer DoS , access of encrypted data, misconfigurations, and app-layer DoS attacks. More than half noted that the impact to network performance from security safeguards “is somewhat or extremely challenging.”
“The effects of cyber attacks can be crippling,” the report points out, and that should surprise no one. The most-frequently mentioned cost was to lost productivity (cited by 50 percent of respondents), loss of data (43 percent), and loss of revenue (31 percent).
The survey was sponsored by F5 Networks and conducted by Applied Research in September. Respondents reported having at a role in which they spent at least one-fourth of their time on security matters.
-- James E. Powell
Editorial Director, ESJ
Posted by Jim Powell on 11/02/2011