Traditional Security Safeguards Failing Businesses: F5 Survey

Attacks are becoming more difficult to defend against and are expensive to mitigate, with traditional safeguards falling short, according to a worldwide study.

The security study—whose results were announced by application delivery networking specialist F5 Networks (NASDAQ: FFIV)—measures the effects of increasingly complex network and application attacks on enterprise organizations, and details the security practices that enterprises are adopting to guard against these threats.

Ninety-two percent of those surveyed view application delivery controllers (ADCs) as an appropriate alternative to traditional security solutions, finding that the utilization of ADCs for security purposes continues to gain traction. “Traditional security technologies are struggling to keep pace with the expanding threat landscape; as cyber-attacks become more malicious, employees are also becoming more distributed and infrastructures are growing in complexity,” said Karl Triebes, CTO and senior vice president of product development at F5. “As such, many enterprises are turning to ADCs to address critical security concerns that traditional safeguards cannot reach.”

With both infrastructure systems and cyber-attacks growing in complexity, the study revealed that enterprises find it challenging to defend their networks and applications. The survey found that Domain Name System (DNS) attacks are the most frequent and difficult to defend against, and have the highest impact on enterprises. “We’ve had some notable public attacks, both DDoS [distributed denial of service] and scripting issues,” said a director of technology in a recent focus group, referring to the increasing difficulty in defending against attacks. “We’ve changed our entire policy and our infrastructure in the past year because of these things.”

The effects of DNS and encrypted data attacks are wide sweeping across industries, with the typical cost per organization for a 12-month period being $682,000, according to the survey. More than 50 percent of enterprises claimed loss of productivity, 43 percent of respondents reported loss of data, and 31 percent reported loss of revenue. Other costs that enterprises incur from attacks include loss of customer trust, regulatory fines, and theft of money or goods.

Regarding ADCs, the survey indicated IT departments are considering ADCs for security use, with one-third of respondents already using ADCs for security and virtually all of them discussing it. According to the survey, only 8 percent believe their traditional safeguards are sufficient and there is no need to consider ADCs. In contrast, 92 percent see specific security roles for ADCs, and half of respondents believe that ADCs can replace many or most traditional safeguards.

The F5 Networks 2011 ADC Security Study was commissioned by F5 to gauge the current security threat landscape and its effect on enterprise security management. Conducted by Applied Research in September 2011 through phone interviews and focus groups, the survey included responses from 1,000 large organizations in 10 countries around the world. Applied Research spoke with senior IT management in a variety of roles.