Businesses at Risk Due to Unidentified Network Traffic, According to Sophos Global Survey

Sophos (LSE: SOPH), the network and endpoint security company, just published the results of a new survey, The Dirty Secrets of Network Firewalls. This report contains several astonishing findings, including that IT managers cannot identify 45 percent of their organization’s network traffic. Nearly one in four cannot identify 70 percent of their network traffic.

The evident lack of visibility raises a number of serious security issues. For instance, if a malicious actor is exfiltrating data from your network, would you know? At a higher level, how confident can you be that your environment is secure if you don’t know what’s flowing in and out of your network? Eighty-four percent of respondents agree that a lack of application visibility is a serious security concern. Without the ability to identify what’s running on their network, IT managers are blind to ransomware, unknown malware, data breaches and other advanced threats, as well as potentially malicious applications and rogue users.

I spoke about the survey with Chester Wisniewski, Principal Research Scientist at Sophos. His belief is that network firewalls with signature-based detection are unable to provide adequate visibility into application traffic due to a variety of factors such as the increasing use of encryption, browser emulation, and advanced evasion techniques.

“The traditional ways of managing and monitoring encrypted data on the network are challenging to keep up,” said Wisniewski. “PKI and certificates can be cumbersome and difficult to stay on top of, even for large and sophisticated IT operations.” The solution, which Sophos has available now, involves getting endpoints and the network to “talk to one another,” as Wisniewski put it, and allowing IT to see apps running on the network.

Now, it is possible to tag data streams so the endpoints “know” whether the data is being used or shared within policy. For instance, the tag could reflect that the data comes from a specific database and is intended for use by a specific, authorized system. “This removes the need for packet inspection, which honestly you can hardly do anymore at scale.” The Sophos synchronized security technology allows the network and endpoints to talk to each other and share intelligence. Sync App Control in Sophos’ XG Firewalls builds on this synchronized security technology to let IT see the apps on the network.

The Dirty Secrets of Network Firewalls survey results are available in a PDF report.