Even a layered approach may fail to block exploits
Until now, security experts believed a layered approach to cyber security to be the most effective way to prevent attacks. However, a new report by NSS Labs suggests that this approach to security in most cases have failed to block exploits.
In a test where layered typical defense technologies were used in various combinations, only 3 per cent of unique combinations managed to detect all the exploits used, according to the report that tested the security effectiveness of next-generation firewalls, intrusion prevention systems, and endpoint protection. The group tests included 37 security products from 24 different vendors and 1,711 exploits.
“The results present a serious challenge to the information security industry as they allow an attacker to bypass several layers of defense using only a small set of exploits,” said Stefan Frei, Research Director at NSS Labs and principal author of the report in a statement.
Frei further observed that the number of exploits that managed to dodge multiple security products, and the number of security products that were unable to block the exploits is significantly higher than the general expectation. As a result, security professionals run the risk of overestimating the security benefits of deploying multiple protection technologies.
Whether there were multiple products within a security category like in the case of intrusion prevent systems, or multiple products across multiple categories, such as having antivirus running on an endpoint and a next-generation firewall – these methods of deployment may not always provide adequate security, according to Frei.
Frei concluded that though the best practices in layered security cannot be completely ruled out, enterprises need to be careful about their ‘choice of security vendor’ and also ‘the choice of protection technologies to be combined’ so as to result in security gains.
- Password Protected Wi-Fi Is Also Prone To Hacks: Study
- The 10 Best Companies For Women In India
- Delving Into The ABC Of Cyber Security
- Large-Scale IoT Projects Doubled In Last One Year: Study
- Weekly Rewind: Top 10 Stories On CXOToday (Oct 9-13)
- Even Minor Glitches And Breaches Can Kill Brands
- There's No Stopping The IoT Growth; Here's Why
- Paying Ransom Makes One More Susceptible To Attack: Report
- Weekly Rewind: Top 10 Stories On CXOToday (Oct 2-6)
- Gartner: Top 10 Strategic Tech Trends For 2018