Config Errors Leaving Huge Security Holes: Study

Cloud computing, the ubiquity of mobile devices and the necessity of sharing real-time business information with multiple partners, business units and customers have created gaping security holes in enterprise IP networks, according to a new study by IT research firm Yankee Group.

In its whitepaper titled “IP Network Configuration and Vulnerabilities: What You Don’t Know Can Hurt You,” senior analyst Phil Hochmuth asserts that one of the biggest obstacles facing large companies today is managing the configurations and security settings on thousands of network devices dispersed across their global IT infrastructures.

According to the Open Security Foundation, so far this year 37 organizations have lost almost 132 million sensitive records through external hacks as a result of sloppy or poorly secured network IP configurations.

“More and more organizations are opening their networks to external business partners, suppliers, contractors and customers, and all this increased connectivity introduces more complexity, which creates management and operational challenges for network and security operations teams,” Hochmuth said in the report.

Hochmuth said most of these lapses in security, compliance and proper configuration can be resolved by installing a software monitoring application specifically designed to detect and track configuration errors in IP network devices.

Telcordia, a Piscataway, N.J.-based security software maker, is one of several vendors—including Cisco Systems and IBM—that’s developed security software applications to address all these disparate network devices connecting to enterprise networks.

Company officials said its IP Assure application continually analyzes IP networks in their entirety—not just on a per-device or per-protocol basis—and provides real-time, multi-protocol views and topologies.

“Enterprises now can measure by-the-hour or by-the-minute data on revenue or productivity lost if their critical network connections go down,” Adam Drobot, president of Telcordia’s advanced technology solutions group, said in a statement. “IP Assure significantly reduces costs associated with configuration errors that can add up to millions of dollars per year for a Global 2000 organization.”

The Yankee Group study, which will be presented during a Telcordia-sponsored security forum next week, found that misconfigured infrastructure, unknown ingress and egress points and basic vulnerabilities to core networking equipment continue to threaten enterprise customers’ business continuity and cost millions in lost data.

Cisco Systems last year debuted Cisco Virtual Office, a hardware and software bundle designed to connect remote workers and partners to its IP network while maintaining the same security protocols established for on-site staff.

And companies such as Sourcefire are extending this same type of security technology to virtual environments.

Hochmuth said that as companies continue to open up their networks to external partners, suppliers and customers, security vendors will have ample opportunities to grow their network-centric security software business.

“With the rapid pace of change within an infrastructure due to equipment modifications and security demands, [companies] need a solution that offers a complete view of the state of the network, including compliance, network vulnerability mitigation, traffic/infrastructure engineering and application troubleshooting,” he said.
