Key findings from the survey showed:
* More than 71 percent of respondents are concerned that their company is not equipped to protect itself from cyber attacks; approximately 88 percent think the government is not equipped to protect itself.
* The overwhelming majority of respondents (93 percent) believe cyber attacks are on the rise.
* Respondents cited viruses and malware (67 percent) and DoS attacks (50 percent) as significant threats to organizations today.
* Respondents (nearly 74 percent) expect their service provider to provide protection against cyber attacks.
* The clear majority of respondents (90 percent) believe the best way to protect against cyber attacks is with a solution that detects, analyzes and mitigates unwanted, unwarranted or malicious traffic in real time.
Many fear critical networks face significant threats
It is no surprise that the majority of survey respondents feel cyber attacks are increasing with alarming frequency. News reports of various worms, bots, viruses and identity theft have put the public on high alert. But despite an increased awareness of cyber attacks and a renewed effort by the Obama administration to fight cyber threats, few respondents feel critical government networks and company networks are adequately protected (12 percent and 19 percent, respectively).
Not only do respondents believe more cyber attacks are being levied on critical networks, an overwhelming majority (95 percent) believe those attacks are increasing in sophistication, as compared with attacks from a year or two ago. Survey results indicate an inability to protect sensitive and confidential data (69 percent) is a top concern among respondents. This is especially true in a cloud environment.
Responsibility of protection placed on carriers
Although malicious activity on the Web has undoubtedly prompted most — if not all — organizations to put some sort of network security in place, more than 73 percent of respondents feel the onus of security should fall to their respective carriers or service providers. While not part of this study, we believe the reasons for this expectation are because of resource constraints in most organizations, the relative scarcity of skilled personnel, and the lack of widely available tools to detect and mitigate sophisticated attacks.
With a rise in the complexity and sophistication of attacks, the type of security tools that service providers deploy may well be a differentiator as customers begin to understand the real, devastating threats present in the cyber world.
Real-time detection, analysis, mitigation essential in cyber security solution
As more networks become compromised, it is evident that standard approaches using signature- and policy-based software and hardware such as malware/anti-virus, firewalls, IDS/IPSs, and SEMs alone or in combination are critical but insufficient. Rather, a multi-tiered system based on vulnerability analysis and risk assessment of the data contained in the network — enabling complete network and data visibility in distributed, heterogeneous networks and real-time processing and policy enforcement — will emerge as a more desirable and complete solution.
In fact, NSA Director Gen. Keith Alexander recently said, “We need real-time situational awareness in our networks, to see where something bad is happening and to take action there at that time.” The majority of respondents in the survey (90 percent) echoed this sentiment, showing a clear understanding that “you cannot protect or manage what you cannot see.” A further 59 percent believe technology exists to provide this type of protection against sophisticated attacks. More than 40 percent, however, don’t understand their options to improve their security. The industry must improve awareness and education to broadly help governments, businesses and consumers understand that if we work together, we can drastically improve our ability to detect and mitigate threats.
Savvy network and security professionals are also looking to solutions that do more — solutions that complement existing signature and security appliances while also providing a breadth of services designed to manage and protect the integrity of their network.
A cyber security ecosystem
Realizing that one company cannot possibly offer technology and services to cover the vast needs among organizations, cyber security vendors must cooperate with each and form a “cyber security ecosystem” and to offer more value to their customers. In an ecosystem, vendors interoperate with others in their ecosystem — such as combining the best of forensics, visualization, data mining and storage — in addition to their own cyber security solution. This integrated approach seems more valuable as it enables “best of breed” solutions to be combined based on the risk assessment and vulnerability analysis. By extending a vendor’s product set through partnerships, cyber security vendors add critical value to their product and provide the best possible system for network protection and management.
“Narus sponsored this survey to uncover what’s important to the people most affected by malicious cyber activity — the network and security professionals,” said Greg Oslan, CEO and president of Narus. “Armed with these results, Narus can bolster its campaign to arm the world’s most critical networks with cyber protection — a solution that will provide the ability to see clearly and act swiftly.”
Narus Survey Methodology
The survey questions were developed by Narus, Converge! Network Digest and Government Security News, with input from noted telecom and security industry pundits. Opinions were gathered online from respondents, representing a cross-section of professionals in a variety of industries. One-on-one interviews were conducted to add more depth to the survey.
Narus is a leader in real-time traffic intelligence and analytics technologies, enabling customers to identify and act on anomalous traffic in its network. Coupled with its unique algorithms and analytics, Narus helps carriers, governments and enterprises to manage and protect their large IP networks against cyber threats and the risks of doing business in cyberspace. Narus provides this information in real time, and can be used in large distributed networks because its software is massively scalable.
Narus’ system protects and manages the largest IP networks in the United States and around the world, some of which include KT (Korea), KDDI (Japan), Raytheon, Telecom Egypt, Reliance (India), Sify (India), Cable and Wireless, Saudi Telecom, U.S. Cellular, Pakistan Telecom Authority and many more. Narus is a wholly owned subsidiary of The Boeing Company. Narus is headquartered in Sunnyvale, Calif., with regional offices around the world. For more information, please visit www.narus.com