Even a layered approach may fail to block exploits
Until now, security experts believed a layered approach to cyber security to be the most effective way to prevent attacks. However, a new report by NSS Labs suggests that this approach has in most cases failed to block exploits.
In a test where typical layered defense technologies were used in various combinations, only 3 per cent of unique combinations managed to detect all the exploits used, according to the report, which tested the security effectiveness of next-generation firewalls, intrusion prevention systems, and endpoint protection. The group tests included 37 security products from 24 different vendors and 1,711 exploits.
“The results present a serious challenge to the information security industry as they allow an attacker to bypass several layers of defense using only a small set of exploits,” said Stefan Frei, Research Director at NSS Labs and principal author of the report, in a statement.
Frei further observed that the number of exploits that managed to dodge multiple security products, and the number of security products that were unable to block the exploits, are significantly higher than generally expected. As a result, security professionals run the risk of overestimating the security benefits of deploying multiple protection technologies.
Whether multiple products are deployed within a single security category, as in the case of intrusion prevention systems, or across multiple categories, such as antivirus running on an endpoint alongside a next-generation firewall, these methods of deployment may not always provide adequate security, according to Frei.
Frei concluded that though the best practices in layered security cannot be completely ruled out, enterprises need to be careful about their ‘choice of security vendor’ and also ‘the choice of protection technologies to be combined’ so that the combination results in security gains.