Even a layered approach may fail to block exploits
Until now, security experts believed a layered approach to cyber security to be the most effective way to prevent attacks. However, a new report by NSS Labs suggests that this approach to security in most cases have failed to block exploits.
In a test where layered typical defense technologies were used in various combinations, only 3 per cent of unique combinations managed to detect all the exploits used, according to the report that tested the security effectiveness of next-generation firewalls, intrusion prevention systems, and endpoint protection. The group tests included 37 security products from 24 different vendors and 1,711 exploits.
“The results present a serious challenge to the information security industry as they allow an attacker to bypass several layers of defense using only a small set of exploits,” said Stefan Frei, Research Director at NSS Labs and principal author of the report in a statement.
Frei further observed that the number of exploits that managed to dodge multiple security products, and the number of security products that were unable to block the exploits is significantly higher than the general expectation. As a result, security professionals run the risk of overestimating the security benefits of deploying multiple protection technologies.
Whether there were multiple products within a security category like in the case of intrusion prevent systems, or multiple products across multiple categories, such as having antivirus running on an endpoint and a next-generation firewall – these methods of deployment may not always provide adequate security, according to Frei.
Frei concluded that though the best practices in layered security cannot be completely ruled out, enterprises need to be careful about their ‘choice of security vendor’ and also ‘the choice of protection technologies to be combined’ so as to result in security gains.
- 70% Indian Firms To Deploy AI By 2020: Intel
- Why Cloud Adopters Need Visibility Into Their Network
- Cyber Security Jobs At Premium As India Goes Digital
- Trends In Information Management: An India Perspective
- Cyber Security Predictions For 2018
- SpiderOak CEO Warns Of 10 Cybersecurity Threats For 2018
- Uber Data Breach: Accountability, Corporate Ethics In Question
- Customer-Facing Web, Mobile Apps Pose Highest Security Risk: Study
- Stratus Unveils Edge Computing Strategy
- 70% Consumers Stop Following A Business After Data Breach: Study