Content, Security Program Controls/Technologies, Network Security

Memo to MSSPs: Network Blind Spots Threaten Cybersecurity


Should MSSPs spend more time monitoring the network -- along with safeguarding endpoints? A new study of 500 infosec pros in the U.S. and Europe essentially offers that advice. Indeed, a lack of traffic visibility is leaving organizations struggling to identify network data and investigate suspicious activity tied to malicious attacks.

Full disclosure: Gigamon, which makes a traffic visibility platform, sponsored the study conducted by researcher Vanson Bourne. The survey focused on cloud security preparedness, network visibility issues and EU General Data Protection Regulation (GDPR) readiness. The research, entitled Hide and Seek: Cybersecurity and the Cloud, examined cloud migration, visibility, security and the EU General Data Protection Regulation (GDPR).

A key data point for MSSPs: Some 61 percent of the respondents consider network blind spots as a major hindrance to protecting data while 41 percent of those said they lack sufficient information to identify threats.

What prompts network security risks from data blindness? Here’s where the survey participants point:

  1. Speed. The increasing speed and growth of network traffic stresses monitoring and security tools, which are not adept at handling large amounts of traffic. Indeed, 67 percent of respondents said they haven’t scaled their monitoring and security infrastructure to meet the needs of increased data volume.
  2. Cloud security. Safety concerns hold back organizations from adopting the latest technologies even as they move more high value information to the cloud, where paradoxically, security is limited and application data is not easily accessible.
  3. Hidden data. A large amount of network data remains hidden due to data and tools still being segmented – IT and security decision-makers are not able to quickly identify and address threats and security events.

Here’s some summary information from the study:

1. Cloud migration. While only 37 percent of respondents said that the majority of their organization’s application workloads are currently located in a public or private cloud, 73 percent believe they will be fully migrated to the cloud within three years.

2. Critical data. Organizations are migrating vital data to the cloud, including corporate information (56%) and personally identifiable information (47%).

3. Traffic visibility. 43 percent of the infosec pros’ organizations do not have complete visibility into all of the data traveling across their networks. Moreover, 78 percent said that data is mostly siloed between SecOps and NetOps. And, 49 percent agree that their hybrid cloud environment prevents them from seeing where their data is located.

4. Cybersecurity spending. An increase in cybersecurity spending won’t necessarily translate to stronger security, according to 70 percent of the respondents.

5. GDPR readiness. Only 59 percent of surveyed IT decision makers believe that their organization’s network/security operations will be fully ready to execute GDPR policies and programs by the May 2018 deadline.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.