Poor Internal Security Processes and Insider Threats Pose Greater Risk Than Hackers

Survey Data from AlgoSec Also Indicates Next-Generation Firewalls Address Chief Security Concerns, But Increase Cost and Complexity of Management

April 10, 2012

Roswell, GA – AlgoSec, the market leader for network security policy management, today announced the results of “The State of Network Security 2012: Attitudes and Opinions,” a survey of more than 180 IT and information security professionals conducted during RSA 2012 that reveals that poor internal security management processes present more risk than malicious threats – more than 50 percent of respondents incurred a system outage due to an out-of-process change. The survey also highlights the perception that while next-generation firewalls (NGFWs) directly address these internal challenges, they also increase the cost and complexity of management.

“While industry focus naturally gravitates toward the latest buzzwords, such as “˜advanced persistent threats,’ we were pleasantly surprised to find that practitioners primarily voice concerns with how to better manage security,” said Nimmy Reichenberg, Vice President of Marketing and Business Development, AlgoSec. “Poor visibility into what is occurring in the network, insider threats and poor processes that result in out-of-process changes are responsible for much of the day-to-day risk. Regardless of latest attack vector or breach that makes headlines, it all goes back to strong security processes, visibility and control.”

Key findings from “The State of Network Security 2012: Attitudes and Opinions” include:

• Out-of-process equals out-of-service – A majority of respondents (54.5 percent) indicated that an out-of-process change has resulted in a system outage.
• Hands-on is out of touch – Nearly one-in-three respondents (30 percent) cited time-consuming manual processes as the greatest challenge to managing network security devices.
• Enterprise risks are inside-out – When asked to cite the greatest risk to enterprise security, 28.7 percent noted a lack of visibility into networks applications while 27.5 percent highlighted insider threats, but less than 20 percent focused on external threats such as hackers.
• Next-Generation Firewalls increase security, but there is no free lunch – Of the survey respondents that have implemented NGFWs, an overwhelming majority (84 percent) believe that the increased control and visibility these devices offer improves security, but simultaneously 76.1 percent complain that the size and complexity of policy management is creating more work – on average of about one hour per day (a 12.5 percent increase).

“We have seen next-generation firewalls capture the imagination of the security industry, as granular policies and controls can greatly increase visibility into applications and users, but these controls are not without a cost, as additional work is required to manage them,” said Reichenberg. “AlgoSec is committed to helping organizations achieve the full potential from their network devices by automating these time-consuming and complex processes and streamlining operations, so security organizations can focus their time on what matters – making the business more secure.”

Download the full report – “The State of Network Security 2012: Attitudes and Opinions“. Additional resources include:

• Infographic
• Survey results

About AlgoSec

AlgoSec is the market leader in network security policy management. AlgoSec enables security and operations teams to intelligently automate the policy management of firewalls, routers, VPNs, proxies and related security devices, improving operational efficiency, ensuring compliance and reducing risk.

More than 900 of the world’s leading enterprises, MSSPs, auditors and consultancies rely on AlgoSec Security Management Suite for unmatched automation of firewall operations, auditing and compliance, risk analysis and the security change workflow.

AlgoSec is committed to the success of every single customer, and offers the industry’s only money-back guarantee.

For more information, visit www.AlgoSec.com.

Online Resources:

• Hear from AlgoSec Customers
• Visit the AlgoSec blog, Playing with Fire
• Follow us on Twitter
• Like us on Facebook
• Follow us on LinkedIn
• Find us on YouTube