F5 Networks Gets Expert Opinions on Top Security Issues at RSA

By Peter Bernstein February 27, 2013

One of the big things at the RSA event in San Francisco has been the need for “visibility.” While this means a lot of different things depending on where in the security industry you sit, the consensus is that you can’t combat what you don’t know, i.e., visibility into what is out there is critical. 

In keeping with the idea that finding out as much as possible about threats is a great thing, F5 Networks, a leader in the critical policy enforcement area, decided to take advantage of the packed exhibit floor and queried 150 real experts — authenticated as true experts with a few questions before they were asked for more detailed information about their views— that while admittedly anecdotal was interesting to say the least. 

Survey highlights

Four questions surrounding security trends were asked. And, as F5 noted, “The survey revealed that organizations are struggling to keep pace with the changing face of security. Virtualization, BYOD and shifts in IT infrastructures and applications along with the complexity of attack types are driving new threats. IT admits that these threats are beyond the scope of traditional safeguards. As such, IT reports that their general security readiness is subpar.”

Below are the findings reported by F5.

When asked what security trends have the greatest impact on an organization’s ability to achieve the level of security it desires, respondents answered:

  • Virtualization (73 percent)
  • The increasing complexity of threats (ex: Distributed Denial of Service attacks) (72 percent)
  • BYOD (use of employee-owned devices such as smart phones for business use) (66 percent)
  • The change in the bad guys (from hackers to espionage and political motivation) (62 percent)
  • The shift from data center focused infrastructure to a cloud-based infrastructure (61 percent)
  • The shift from traditional client-server applications to Web-based applications (60 percent)

Importantly, these trends are quite common with between 58 and 75 percent of all organizations seeing these trends:

  • BYOD (use of employee-owned devices such as smart phones for business use) (75 percent)
  • Virtualization (74 percent)
  • The increasing complexity of threats (ex: Distributed Denial of Service attacks) (66 percent)
  • The shift from data center focused infrastructure to a cloud-based infrastructure (66 percent)
  • The shift from traditional client-server applications to Web-based applications (64 percent)
  • The change in the bad guys (from hackers to espionage and political motivation) (58 percent)

Threats are moving beyond the capability of traditional spam and malware detection safeguards. Unfortunately, a sizeable percentage of respondents report that traditional security safeguards are less than adequate in protecting against these new threats:

  • The shift from traditional client-server applications to Web-based applications (44 percent)
  • The shift from data center focused infrastructure to a cloud-based infrastructure (49 percent)
  • BYOD (use of employee-owned devices such as smartphones for business use) (45 percent)
  • Increased external threats (spam and malware) (39 percent)
  • Increased pace of patches issued for OS and applications (39 percent)
  • Increasing complexity of threats (ex: Distributed Denial of Service attacks) (48 percent)
  • The change in the bad guys (from hackers to espionage and political motivation) (47 percent)
  • Increasing insider threats (49 percent)
  • Expanding complexity of SSL certificate management (53 percent)

BYOD is seen as critical in an organization’s ability to achieve the level of security it desires, yet organizations are not taking the appropriate steps to address it.

  • 66 percent of respondents see BYOD as having a somewhat high impact or extremely high impact on security
  • 75 percent of respondents see the prevalence of BYOD as moderate or extreme

However, 35 percent of respondents say they are not prepared to provide adequate security to

  • Protect against threats associated with BYOD
  • Organizations are unprepared to properly address the shift to Web-based applications, and to a cloud-based infrastructure
  • 64 percent of respondents see the shift to Web-based applications as a security trend, yet 37 percent of respondents’ organizations are not providing adequate security to protect against potential threats
  • 66 percent of respondents see the shift to a cloud-based infrastructure as a security trend, yet 49 percent of respondent’s organizations are not providing adequate security to protect against potential threats

In the coming days, I will have more about all of this as I wrap up my interviews with security industry movers and shakers. However, as a benchmark of where the industry stands, the trends identified confirm the fact that the job of IT of protecting enterprise data (where it is stored) and who, what, where, why, how it is accessed, and how all of this is then tracked, analyzed and use to help mitigate risk, the state of the union is well reflected here. And, what is complicating matters is that the bad guys are sophisticated and adroit, don’t sleep and the proliferation of BYOD and the cloud is only giving them more targets of opportunity. At the same time, IT feels the speed of business change is creating an environment where they have less control just when they need more.

Help is on the way on the show floor, so stay tuned.




Edited by Jamie Epstein
SHARE THIS ARTICLE
Related Articles

GENBAND & Sonus Go Dutch for Merger

By: Maurice Nagle    5/23/2017

Mergers and acquisitions are the norm in business. However, it's not every day that two major cloud communications players with highly complementary o…

Read More

The Killer App for VR: The Ability to Meet Yourself

By: Rob Enderle    5/23/2017

I was at a VR event this week, and I'm sure the speaker misspoke when he said that one of the benefits of VR is the ability to meet yourself. But the …

Read More

WannaCry Ransomware Holds Files Hostage: Best Practices to Avoid Being a Victim

By: Special Guest    5/23/2017

More than 200,000 computers in more than 150 countries were crippled by a massive ransomware attack, dubbed WannaCry, and security experts warned that…

Read More

LeoSat Secures Japanese Investment for Enterprise Broadband Satellite Network

By: Doug Mohney    5/23/2017

Another broadband satellite cloud network moved closer to reality this month, with LeoSat securing an investment from SKY Perfect JSAT (SJC) Corporati…

Read More

Organizations Can Combat WannaCry & Jaff Ransomware With Well Instrumented DNS

By: Special Guest    5/22/2017

The Infoblox Intelligence Unit observed two global malware outbreaks on Friday, May 12. Although there is no indication that the two attacks were rela…

Read More