Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/27/2009
03:54 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Research: LAN Sprawl Leaves Network Controls At Risk

Because of "LAN sprawl," the majority of IT decision-makers surveyed acknowledge a need to improve security in their environments

MILPITAS, Calif.--(BUSINESS WIRE)-- ConSentry Networks today announces the results of a new Loudhouse Research survey, which reveals the pressures IT decision makers face as organizations begin to open up their networks to cross-functional users, third-parties, more diverse applications, and a plethora of corporate, personal, and non-user IP devices in an effort to reap greater operational gains and lower expenses. This multi-dimensional growth—or "LAN sprawl"—places so many new demands on the network that the vast majority of IT decision-makers surveyed (72 percent) acknowledge a need to improve security in their environments. A Yankee Group report, also released today, contends that incorporating context into the LAN can help IT resolve the challenges associated with LAN sprawl.

The Loudhouse LAN Sprawl survey, conducted in June 2009, is based on 200 interviews with IT decision makers from mid-sized (250+employees) to large enterprises (1000+employees) across the US (100) and UK (100) regions. Key survey findings:

  • 93 percent say that users are now more likely to require access to different parts of the network at different times for business reasons.
  • 92 percent of respondents see an increase in the need to manage users with multiple profiles/IDs to support cross-functional needs of their organization.
  • 66 percent say the proliferation of devices and applications make it harder to audit the networks.
  • Two-thirds of IT decision makers polled believe that decisions to innovate business processes are often made without considering the impact to the network.

    IT decision makers cited several areas where they needed to improve the level of control as a result of these dynamics in their network environments. The majority of respondents highlighted the need for improved control over security (72 percent), access to specific areas/job functions (68 percent), access to specific applications (65 percent), general user access (64 percent), and ad-hoc network access (63 percent).

    The Yankee Group report warns that IT is challenged to maintain control over access to critical assets in response to LAN sprawl. To reap the business benefits of open LAN environments, the report concludes, the network infrastructure must evolve to provide greater visibility and control.

    When asked how IT managers could improve network control, Yankee Group's senior vice president Zeus Kerravala said, "As the mix of users, applications, and devices continues to diversify and grow, corporate assets are at increased risk, so the onus is on IT to build more sophisticated networks that provide context about what is connecting to the network. This context-awareness must also include understanding the relationships among users, applications, and devices and the impact that environmental factors such as location and time of day can have on these interactions. Without this level of visibility, IT will not have the means for controlling the LAN sprawl so prevalent in companies today."

    Multi-Dimensional Growth Leads to LAN Sprawl The LAN Sprawl survey asked respondents to consider how their LAN had grown over the last two years and about anticipated growth in the coming two years. A key finding is that LANs have grown at fairly consistent rates across a wide range of axes and are expected to maintain this multi-dimensional growth over the next two years, as shown in the attached graphic and on the resource page.

    Support for the virtualized workforce—the dynamic mix of permanent employees and ad-hoc workers including contractors, partners, suppliers and customers—is among the biggest causes of this widespread growth. In addition, the Loudhouse research found that LAN sprawl results from compounding effects, such as increased roles per user, rather than simply linear growth in user or application count.

    "With an increasingly mobile workforce consisting of reporters and freelance writers from all across the country, the need for visibility and control over their access to the corporate network has become a business-critical issue for us," said Vikas Khorana, IT Director at the Stevens Media Group. "ConSentry has enabled us to keep pace with this growth by providing us the deeper-level traffic intelligence and awareness down to the identity, application, and device. As a result, we are able to operate more efficiently and securely while tapping into the benefits of a dynamic workforce."

    Dynamic Work Environments Biggest Drivers of Change When considering the drivers for change to user access on their LANs, the answers from IT decision makers reflect the strategic need for enabling dynamic work environments, especially in the US. Among the top drivers cited by US respondents are to support cross-functional internal groups (62 percent), work with outsourced suppliers or customers (56 percent), enable auditors or short-term contractors to access the LAN (53 percent), and support cross-functional groups spanning internal and external users (48 percent).

    Context Is Required to Control LAN Sprawl Faced with an increasingly dynamic environment, virtualized organizations, and limited financial resources, IT departments need to find a new approach to address LAN sprawl. ConSentry commissioned the Yankee Group report to examine this issue. The study concludes that to align business networks with business processes and maintain full visibility and control, the role of the network must evolve from that of a passive infrastructure to one of being the underlying orchestrator of services and the central point for providing policy enforcement.

    To be the orchestrator, the network must have context—stateful knowledge of each flow including the end user's identity, organizational roles, devices, applications at Layer 7, and other environmental factors such as location and time of day. Only a network that is context-aware can control traffic and provide services based on higher level business rules efficiently to capitalize on the productivity potential of the virtualized workforce.

    "A decade ago, everything that touched a corporate network was known and owned by that enterprise, but today's picture is very different," continues Kerravala. "Today companies are seeking to gain competitive advantage by bringing their entire supply-and-demand chains into the network and building dynamic alliances involving not only internal users, but external users, applications, and devices. IT needs an automatic, flexible way to identify users and give them the access they need to participate in the competitive game plan of the parent company. That means context awareness has to extend across the entire LAN, even as its boundaries continually expand and change."

    For More Information Click here for the following additional resources:

  • LAN Sprawl Research: executive summary, survey data, final report
  • Yankee Group Report: The Era of the Virtualized Employee
  • LAN Sprawl Slide Show
  • Video Interview with Zeus Kerravala, Yankee Group's senior vice president
  • ConSentry's blog: En Garde: ConSentry Networks on the new LANscape

    About ConSentry Networks ConSentry is the leader in context-driven switching, a new class of switches that marries business policy with L7 visibility of users, applications, and devices to make forwarding decisions on the LAN. ConSentry's LANShield switches and controllers provide an integrated and programmable architecture for managing access to corporate assets across the LAN today and in the future. This fuels the virtualized organization by protecting assets, simplifying operations and improving productivity. More than 250 enterprises worldwide rely on ConSentry solutions for unprecedented visibility and granular, flow-based control of network access, at LAN speeds.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Why Cyber-Risk Is a C-Suite Issue
    Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
    Unreasonable Security Best Practices vs. Good Risk Management
    Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
    Breaches Are Inevitable, So Embrace the Chaos
    Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Current Issue
    Navigating the Deluge of Security Data
    In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
    Flash Poll
    Rethinking Enterprise Data Defense
    Rethinking Enterprise Data Defense
    Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2019-19010
    PUBLISHED: 2019-11-16
    Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
    CVE-2019-16761
    PUBLISHED: 2019-11-15
    A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
    CVE-2019-16762
    PUBLISHED: 2019-11-15
    A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
    CVE-2019-13581
    PUBLISHED: 2019-11-15
    An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
    CVE-2019-13582
    PUBLISHED: 2019-11-15
    An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.