Around 71% of organizations said they had already made the transition to 10Gb/s networking, while 43% said they plans to deploy 40Gb/s or 100 Gb/s networking, according to a survey of 200 security professionals from Fortune 500 companies conducted by an independent research firm for Endace.
As deployment of high-speed networks expands, companies are finding it difficult to accurately monitor how and why their networks fail. With 40Gb/s and 100Gb/s networks on the horizon, security blind-spots due to higher network speeds will only increase, the report stressed.
“Above 2-3 Gb/s, the traditional vendors that use a software-based approach to acquire packets are having serious problems scaling. Organizations are recognizing the risks associated with not seeing everything on their networks. You can deploy all this technology, but in fact it is not giving you a full picture of what is really going on”, said Tim Nichols, vice president of global marketing at Endace.
“The underlying foundations of a lot of these systems – which is the way they acquire packets from the wire in order to interpret them, run them through signatures, whatever these systems do – simply aren’t seeing all of the packets. These systems are failing to alert about bad stuff that is going on inside the network”, Nichols told Infosecurity.
According to the survey, 47% of organizations believe they are missing potentially significant network intrusion events due to failing or underperforming systems; 65% said they did not record network traffic for the purposes of forensic analysis of network events.
Organizations “were telling us about holes in their network visibility and what that meant to them as an organization in terms of compliance, in terms of corporate risks, in terms of reputation damage that they potentially expose themselves to….It is clear that they want and expect vendors to be able to scale with them through 10 Gb/s into those higher speed environments”, Nichols said.
Around 42% of those surveyed admitted to having been the victim of a cyberattack in the last 12 months, and 67% of those respondents admitted to serious problems investigating the attack.
One-third of organizations reported experiencing some kind of data loss in the past 12 months, with 39% being unable to accurately identify what was lost.
“At speeds over 3Gb/s software-based packet capture solutions start to become vulnerable to packet loss due to processor clock-speed limitations. In our experience, at speeds over 3Gb/s the only truly reliable way to ensure that the application sees every packet is to deploy a purpose-built, hardware-based packet capture solution”, the report concluded.