As far along as we are in 2015, and despite all the security solutions available, a majority of enterprises still do not have adequate basic perimeter security or threat responsiveness to protect their data centers and cloud systems. The hacker break-ins and data-theft reports that appear in the news nearly every week bear this out.
The SANS (System Administration, Networking and Security) Institute, a respected global information security training and analysis provider, has come out with its first “State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report,” and most of the findings are disconcerting at best.
Authored by SANS expert analyst Dave Shackleford, it includes results of a survey that polled 430 security and risk professionals from the SANS community, all working in private and public sector organizations ranging in size from 100 to more than 15,000 employees. SANS members polled in this survey are heavily involved in developing their organizations’ overall security strategies, choosing effective technologies and serving on the front lines in the fight against attackers.
Responding to Hacks Takes Far Too Long
The report, released Oct. 14, included the following metrics:
–Nearly six in 10 (59 percent) organizations say they are able to contain a threat within 24 hours, which is an eternity in security time. A full day leaves systems open to prolonged and increased damages as attacks spread laterally through data centers and clouds.
–Containment times reported by respondents included: up to 8 hours (37 percent of respondents); up to 24 hours (21 percent); less than a week (19 percent); and more than a week (17 percent).
–Notably, 55 percent of respondents are dissatisfied with the length of time it takes them to contain and recover from attacks.
Time Is the Biggest Damage Factor
“When it comes to limiting damage and preventing data breaches, time continues to be the biggest challenge for security and risk professionals,” SANS analyst Shackleford said. “Most respondents said they use traditional tools to monitor traffic between data centers and internal or external clouds, and are unhappy with the level of visibility and containment speeds they get.
“If our security stance is going to improve, we need better visibility, the ability to make configuration changes faster and to contain attacks more quickly.”
The wide range of response times, according to the SANS report, is undoubtedly the result of the inability of some traditional security tools to help organizations detect and manage attack scenarios. According to the survey, between 75 and 96 percent of organizations are using traditional solutions in their data centers, which include everything from firewalls to detection- and prevention-focused tools such as IDS, IPS, IAM and anti-malware.
“Organizations should have controls that keep security in place regardless of where digital assets are located. That means looking beyond network perimeters by adding a focus on enacting policies and controls closer to application workloads and associated data flows distributed across data centers and clouds,” Shackleford said.
In 2015, 148 million records have been breached in 129 reported incidents—incidents that sometimes go undetected for months at a time, said Alan Cohen, chief commercial officer of Illumio, the sponsor of the survey.
“If this teaches us anything, it’s that exclusive reliance on detection overlooks how attacks spread laterally and remain active over extended periods within data centers and clouds,” Cohen said. “As this report clearly shows, public and private sector organizations need to prioritize visibility and containment and not just suspicious and anomalous communications to the attack surface across these computing environments.”
Other Data Points
Traditional tools not stopping breaches: Forty-four percent of enterprises reporting breach information have had sensitive data accessed by attackers, and these same respondents were among those using traditional security tools in their data centers and clouds. Twenty-eight percent of organizations have experienced up to six data breaches in the past 24 months. Tools in use by this respondent segment include everything from network firewalls (used by almost 100 percent of respondents) to IDS, IPS, IAM and anti-malware technologies.
Security losing ground in the cloud and distributed computing game: Thirty-seven percent of organizations use distributed cloud and data center computing systems; 44 percent of respondents said their biggest challenge was that cloud providers don’t offer the visibility needed to protect users and data; 19 percent say cloud providers don’t give them the security support they need; and 49 percent have no formal cloud security strategy in place.
Making matters worse is the lack of effective security controls available and in use. While 75 percent to 100 percent of respondents are using traditional tools in their data centers, that number drops to less than 35 percent in the cloud.