Network Complexity Creates Additional Risks to Security

Anthony Freed
By | November 14, 2012

Posted in: Network Security Trends

Managing elaborate enterprise network deployments is difficult enough, and then ensuring those systems are properly configured and secure against a myriad of threats makes the task that much more arduous. The problem for many organizations is that the growing complexity of integrating multiple vendor products and an array of policies is creating some of the very problems the solutions were meant to alleviate - system downtime and breaches of sensitive data. Recent research found that more than half of mid-sized and larger organizations believe that network complexity was the cause of some serious events.

Researchers from security provider AlgoSec surveyed security professionals representing organizations of various sizes across a broad range of industries from around the world with differing levels of network complexity and found that the vast majority (94.4%) employed solutions from multiple vendors, and 55.3% of respondents reported that the increasingly heterogeneous nature of systems they govern have actually led to a system outage, a security breach, or both.

Nearly half of the survey participants (49.6%), all of whom are directly responsible for administering networks and upholding security polices, said the biggest challenge in managing environments that incorporate products from multiple vendors is the “different expertise is required for each vendor”. Almost as many (43.7%) indicated that networks with multiple vendor products bolted-on created problems because there were simply too many policies to manage effectively.

"As you add on more layers and policies, you should always consider what's already in place and see if there are current policies that need to evolve or be removed. Understanding how all of these policies across all of the different devices work together is important," the company said in a blog post about the research findings.

Complicating the issue of governance is the fact that three-quarters of the survey participants acknowledged that they manage network security deployments manually, with just over half using vendor-supplied consoles, while nearly one-quarter still performed the task on a device-by-device level.

The research suggests that both vendor consolidation and the implementation of automation for managing device deployments would go the furthest in simplifying the task of overseeing complex networks. But the implementation of automation may create headaches of its own, according to network security specialist Dan Dieterle, and could result in unanticipated security risks and management challenges.

“One company that I know had a big named security/ patch management system that verified that all approved patches and updates were installed on thousands of servers. And it gave a wonderful report for success and failures so a monitor could check the report and know at a glance which servers weren’t patched,” Dieterle told Security Bistro.

“This worked out great until we started getting weird errors on some new software install. Come to find out numerous servers were not given a major service pack, even though the patch software console said that they all installed error free. Needless to say a lot of overtime was put in manually installing the service pack. And the automated process was never completely trusted again,” Dieterle cautioned.

You May Also Be Interested In: