Network security policy management provider AlgoSec,today announced the results of “Network Security Management: Attitudes and Opinions,” a survey of more than 100 information security professionals on why businesses struggle with network security management. Faced with increasingly complex corporate networks, the survey found that the majority of information security professionals believe human error to be the primary reason for network security disruptions.
According to the survey, 66 percent of respondents cited human error in the configuration of network devices as the most common cause of outages in the past 12 months, followed by capacity overload (14 percent) and flaws in the gateway product (9 percent). The majority of respondents claimed to have anywhere from ten to forty-nine different security gateways installed on their network. Another 15 percent of companies had more than fifty security gateways installed.
“Network and security managers are faced with an evolving landscape of both internal and external threats to corporate data,” said Prof. Avishai Wool, AlgoSec’s CTO. “At the same time, their corporate networks are constantly changing to adapt to the needs of the business — this could be working with new business partners, acquiring another company, or simply adding credit card data to the mix. Managing the sheer number of devices, not to mention the changes that these devices undergo, is a daunting task for any organization.”
The most common security gateways were firewalls, installed on 98 percent of corporate networks, along with anti-virus (found on 90 percent) and content filters (on 85 percent). Among these devices, firewalls were said to require the greatest investment of time and were held responsible for causing the most network disruptions. 73 percent of respondents cited a “high number of changes” as the primary reason for the large time investment in managing security gateways.
“The survey suggests that organizations may actually over-invest in extra capacity in fear of network outages, rather than address security management issues that can have the same impact,” said Nimmy Reichenberg, AlgoSec’s VP of Marketing.
“The only constant in network security management is that configurations are constantly changing,” continued Wool. “But often the most dangerous device on the network is the keyboard — where configuration errors are made. We need to take this responsibility out of the hands of administrators. Automation is critical to maintaining proper security and operations. Without it, too much is left to chance.”