Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

Nearly 50 percent of respondents still use manual processes to discover network and application performance issues.

When relaying information to executive teams, 77 percent of IT staffers admitted that they incorrectly reported the root cause of a network or security incident, according to a visibility survey released Tuesday by network connectivity, monitoring and management solutions provider Emulex Corporation.

Part of the reason could be attributed to 45 percent of IT staffs still using manual processes to discover network and application performance issues, Matt Walmsley, senior marketing manager with the Endace division of Emulex, told SCMagazine.com in a Tuesday email correspondence.

“It is surprising that the wrong information is being reported to executives so pervasively, but it is not surprising given that so many IT staffs are ‘flying blind’ and monitoring their networks manually,” Walmsley said.

To top it off, of 547 self-identified NetOps and SecOps professionals in the United States and Europe who responded to the 2014 Emulex Visibility Survey conducted this spring, 79 percent said they experienced network events attributed to the wrong IT group.

“They're under pressure to provide initial explanations and then final resolutions, but frequently lack all the ‘evidence’ of what exactly happened, so they have to rely on heuristics and supposition as part of their analysis, while trial and error testing is used in attempting to resolve issues,” Walmsley said.

Equipping IT staffs with some combination of network performance monitoring, application performance monitoring, and security information and event management (SIEM) tools, which automatically alert to anomalous behavior and track root causes, should help address these issues, Walmsley said.

Continued non-use of the aforementioned tools may result in a surplus of unresolved events, which 73 percent of survey respondents said they are currently experiencing, Walmsley said, adding that organizations are open to further attacks if the hole where the attack first occurred is not plugged.

“An unresolved network event is one in which the root cause has not been established and therefore the risk of reoccurrence has not been mediated,” Walmsley said. “These events are still unresolved because these IT pros do not have access to the right post-event forensics tools.”

When it comes to costs, 52 percent of U.S. respondents said their organizations lose more than a half million dollars in revenue per hour during network outages and performance degradation, according to the survey.

Organizations are also losing more than $1 million per year investigating events lasting longer than 12 hours, according to 26 percent of respondents. 70 percent of NetOps respondents said that they spent at least one full business day investigating a critical network event.

The Emulex survey also highlights a rise in security events, with 83 percent of respondents indicating an increase over the past year, and 81 percent of SecOps respondents revealing that their organizations had experienced a breach.

“There is a very obvious lack of visibility into network and security events that is leading to a host of problems when it comes to determining the actual root cause,” Walmsley said. “Network downtime is hugely expensive, but so are the costs associated with misinterpreting data and not having a clear picture of what is causing problems on the network.”
