Page 17 - index
P. 17
The 12 Worst Network Security Practices Part 1 – Do you really
need that shiny new toy?
By: Ofer Or, VP of Products at Tufin
Typically we see ‘best practices’ published pretty widely, but Gartner has decided to flip that
trend on its head and release a report, “Avoid these ‘Dirty Dozen’ Network Security Worst
Practices,” showcasing the absolute worst habits security experts find themselves picking up in
the industry. Managing network security is by no means a simple feat, and it doesn’t make it any
easier when there’s a new technology or tool introduced “to help” almost daily. Don’t get me
wrong, innovation is a great thing, especially when it comes to network and data security, but in
some cases, the temptations of a ‘shiny new object’ can be too strong to ignore… which leads
us to Gartner’s first worst practice: ‘shiny new object’ syndrome.
What is ‘Shiny New Object’ Syndrome?
Think back to childhood. You got the coolest, most advanced new toy. Everyone wanted to be
your friend and play with your new toy. But then two weeks later an even cooler, newer toy
came out, and everyone moved on to bigger and better things.
Now, from a more technological perspective, ‘shiny new object’ syndrome refers to the IT
professionals’ need to have the newest and best of the best. Specifically regarding security
professionals, there is an overwhelmingly popular belief that the only way to solve today’s
current and evolving security threats is by using the most cutting-edge technologies and
services – which isn’t always the case.
Out with the… New, in with the… Old?
We aren’t saying you can’t have nice things, we’re just saying you don’t necessarily need them
to get the job done. We learned this year that a majority of network security data breaches can
be attributed to human error – with most caused by ‘malicious outsiders’. However, surprising
25 percent of breaches were caused by ‘accidental losses’ due to human error. This means that
a quarter of network security breaches could be prevented by eliminating this error. Even more
fascinating is that all but five percent of all investigated security incidents find human error to be
a contributing factor, and the most frequently named form of human error is system
misconfiguration.
Basically, if an organization can figure out how to maintain control over the technologies and
tools they already have in place, while lessening the likelihood of human error, they have the
ability to drastically shrink that organization’s risk levels. Therefore, the solution to your security
woes may be right under your nose. Sometimes all an organization needs to face these security
challenges and reduce its attack surface is better implementation and management of its
existing network security systems.
17 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
