Page 71 - Cyber Defense eMagazine - September 2017
P. 71
Battling the Misconceptions Around Network Security
Requirements
By Subhalakshmi Ganapathy, Product Analyst, ManageEngine
Keeping up with the growing security risks and understanding how to protect networks is an
ever-constant challenge. As the threats evolve, businesses are forced to adapt. There are many
misconceptions surrounding network security requirements, and identifying myths about IT
security can help business leaders and IT teams make important network security decisions.
Many small-scale business leaders don’t believe that their organizations are at risk of
cyberattacks. The truth is attacks can occur in organizations of any size. The number of attacks
simply scales up as organizations grow. While a global organization with more than 10,000
employees may receive anywhere from 100-500 attacks per month, an organization with only 1-
10 employees is still vulnerable and can expect up to 50 attacks per month. And, only 24
percent of businesses are able to mitigate attacks before they occur, so one must keep in mind
that proactively protecting against possible attacks isn’t always feasible. Most attacks can be
dealt with only after they actually occur. Businesses of all sizes have to speed up the attack
discovery process and react accordingly to ensure complete network security.
Stringent compliance requirements are often seen as the biggest hurdle when it comes to
network security, but with the security landscape rapidly changing, compliance is no longer the
only challenge. Cloud adoption, increased BYOD usage, and evolving threats are beginning to
overshadow compliance issues.
Another consideration is “special” solutions. Decision makers and budget controllers may see
special solutions as an unnecessary expense, but operating with only network perimeter
devices puts businesses at risk. Sixty-four percent of security administrators say they need a
special security intelligence platform to collaborate security data and combat security attacks.
Specialized solutions like SIEM are now mandatory for protecting business networks against
attacks.
Attacks don’t stick to predictable patterns. Security attacks are dynamic and can change
patterns randomly and without warning. Businesses operating under the belief that all security
attacks follow the same pattern are putting themselves at risk. Just because businesses in a
particular sector seem more susceptible to certain types of attacks doesn’t mean they’re
immune to other, less common ones. Organizations need blanket protection from all attacks
rather than picking and choosing which types of attack they’re most likely to encounter.
Another factor to keep in mind is that network security must go beyond audit reports. Thirty-five
percent of business leaders believe annual audit reports provide a total overview of their
organization’s IT security. In reality, continuous monitoring is the key to securing networks.
Simply submitting security reports to establish a security policy — and lying idle for the
remainder of year — is not enough. Sixty-four percent of security administrators believe network
security goes beyond audit reports. Year-round monitoring keeps network security up to date.
71 Cyber Defense eMagazine – September 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide.
