Organisations caught in a firewall web

Nearly four in five surveyed rely on separate data centre and cloud services providers, potentially complicating DDoS protection.

  • 3 years ago Posted in
Neustar has released a new report from the Neustar International Security Council (NISC) investigating how organisations are managing their web application firewalls (WAF) to keep up with ever-growing, increasingly stealthy application-layer attacks.

 

An organisation’s WAF is a critical line of defence in protecting proprietary and customer data, but the concern is that some organisations are spending an outsized allotment of resources on modifying these mission-critical elements. The latest NISC survey showed that nearly 85% of organisations feel they are spending at least a moderate amount of time on modifications, with almost 40% noting they spend a lot of time.

 

Moreover, a majority of organisations have siloed their data centre services away from cloud services — nearly four in five surveyed — which could have the unintended consequence of increasing labour-intensive protection processes. According to survey findings, half of organisations are communicating with their WAF vendors’ security operations centres (SOC) on at least a monthly basis to manage security threats, while another third are communicating bi-monthly. 

 

DDoS attacks continue to be the top concern among organisations, with 22% citing such attacks as the highest potential threat. Further, organisations are well acquainted with the repercussions of DDoS, with 75% reporting they have been on the receiving end of such an attack. 

 

“Organisations may have a highly tuned, up-to-date WAF on premises, but the sheer amount of traffic and potential threats can ensnare resources and impact the ability to introduce greater precision to those key systems,” said Rodney Joffe, Chairman of NISC, SVP and Fellow, Neustar. “Steps can be taken to maintain the integrity of security systems, and potentially enhance performance, by augmenting efforts with third-party, always-on security resources.”

 

According to Joffe, such solutions can help mitigate bot-based volumetric attacks as well as other common threats that can target an application layer. Further, Joffe notes, “Some of the most robust cloud-based solutions can provide consistent coverage wherever an application is hosted, whether it’s a data centre or the cloud. The right SOC support provides assurance that emerging threats are being neutralised, enabling organisations to focus their efforts on honing their WAF for optimal performance.”

 

Findings from the latest NISC research highlighted a 12.8-point year-on-year increase in the International Cyber Benchmarks Index. Calculated based on the changing level of threats and impact of cyberattacks, the index has maintained an upward trend since May 2017.

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...