Ixia (Nasdaq: XXIA), a leading provider of network testing, visibility and security solutions, recently announced the release of the first Ixia Security Report, a summation of 2016’s biggest security events including findings from Ixia’s Application and Threat Intelligence (ATI) Research Center. The ATI Research Center leverages over 800 Ixia engineers and researchers that operate a worldwide, distributed network of honeypots and web crawlers to actively identify known and unknown malware, attack vectors and application exposures.
With a combined 20 years of insights as the industry’s #1 provider of network and network security testing along with Ixia’s understanding of large scale network data distribution systems, Ixia’s security researchers provide an extensive analysis of an organization’s network attack surfaces. While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability. The average enterprise is using six (6) different cloud services, network segmentation is increasing yet 54% of enterprises are monitoring less than half of them, and less than 19% of companies believe that their IT teams are adequately trained on the wide array of network appliances they are managing.
“Organizations need to constantly monitor, test and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” said Marie Hattar, chief marketing officer (CMO) at Ixia. “To do this effectively, organizations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security.”
2016 highlights from Ixia’s ATI Research Center include:
Top Usernames and Passwords
Gaining access to accounts is often done the old-fashioned way—brute force guessing starting with the obvious. It is shocking how many network accounts and devices contain default usernames and passwords. At the top of the list were usernames like “root” and “admin,” but also “ubnt,” which is the default username for AWS and other cloud service offerings that use Ubuntu. IoT was also a notable target with “pi” for Raspberry PI. The passwords topping the list included favorites like “admin,” “123456,” “support” and “password.”
Top Exploited URI Paths and CMS
In computing, a uniform resource identifier (URI) is a string of characters used to identify a name of a resource, which can be interacted with via the web using specific protocols. The top exploited URI paths used for brute force WordPress logins were /xmlrpc.php and /wp-login.php. Across customers, Ixia’s ATI Research
Center also saw many attempts to scan for the phpinfo() function and that most URIs attempted for attack were PHP based.
Malware of Phishing?
Malware continued to dominate over 2016 but there were a few months — namely June, July, and August — during which ransomware phishing appeared to have outpaced malware. Top fishing targets included Facebook, Adobe, Yahoo! and AOL logins. Adobe updates were the most prevalent drive-by updates for delivering malware or phishing attacks.
“Understanding your network breadth across physical, virtual, and cloud assets is critical to protecting it,” said Jeff Harris, VP of solutions marketing at Ixia. “We see that network segmentation adoption is on the rise but up to half of those segments are not being monitored. Network visibility into every segment, IoT monitoring, and AI will be some of the key security topics in 2017.”
When asked how network visibility ranked as a priority in their IT programs in 2017, 61 percent of respondents named it as either their No. 1 priority or a top priority. Other key findings of the survey include:
- Visibility is key to breach discovery: More than half (54 percent) of respondents indicated that they most often discover a security breach through their network visibility solution. Forensic investigation was cited as the main method for breach discovery by 30 percent, and contact by a third-party by 19 percent.
- Visibility central to network monitoring and protection: A large number (54 percent) of respondents mentioned operating six or more network segments, but monitoring only half of them. Of the 40 percent of enterprises surveyed that handle more than 10,000 customer records, less than 10 percent actively monitor and protect their network.
- Visibility critical to revealing potential threats: When asked how visibility could help improve their security posture, 56 percent or respondents stated they want visibility into encrypted traffic on their networks, and 59 percent want to be able to identify applications requiring inspection. 31 percent wanted visibility into public clouds, and 29 percent wanted visibility into private cloud environments. More than 50 percent of the organizations surveyed use more than five security appliances, yet only 36 percent of respondents protect those security appliances with an external bypass.
- Cloud visibility and security concerns: 76 percent of respondents were ‘very concerned’ or ‘concerned’ about security in their cloud environment. The top security concern with cloud adoption was ‘loss of control over network data’ (56 percent) and being able to achieve full visibility across their networks (47 percent).
- Defeating DDoS attacks: As the threat of DDoS continues to rise, especially following the attacks of unprecedented scale launched using the Mirai botnet, 50 percent of respondents said network visibility solutions would help protect their organization against DDoS attacks, with a further 30 percent saying that it would help somewhat.
“Most enterprises today are struggling with network blind spots caused by increases in encrypted traffic on their networks and migrations to public and private cloud environments. They also need to get better visibility across their rapidly-expanding network estates to address performance issues and mitigate threats,” said Murali Ramalingam, Country Head- Sales, India at Ixia. “The reality is that security and analytics tools are only as good as the data they are seeing. As such, the only way to truly address these common and widespread challenges is with a strong visibility architecture. Ixia’s visibility solutions help eliminate these challenges, and enable customers to fully realize their investments in their existing security and monitoring tools.”
An organizations’ ability to gain clear visibility across their networks is increasingly challenged as more key business applications migrate to the cloud. In fact, the Cisco Global Cloud Index predicted that by 2020, 92 percent of workloads will be processed in public and private cloud data centers, and just 8 percent in traditional data centers. Enterprises are also struggling with the volumes of encrypted traffic entering and exiting their networks. A recent Ponemon study found that 64 percent of organizations cannot detect malicious SSL encrypted traffic, and 62 percent do not currently decrypt SSL traffic – yet half of all known cyberattacks used SSL encryption to evade detection in the past year.
Ixia’s Security Fabric™ architecture provides complete visibility across heterogeneous networks, using context-awareness and security intelligence to deliver de-duplicated and highly relevant traffic to organizations’ inline and out-of-band security and monitoring tools. Ixia’s Security Fabric helps ensure that the right data gets to the right tools, at the highest possible network speeds.
Ixia (Nasdaq: XXIA) provides testing, visibility, and security solutions, strengthening applications across physical and virtual networks for enterprises, service providers, and network equipment manufacturers. Ixia offers companies trusted environments in which to develop, deploy, and operate. Customers worldwide rely on Ixia to verify their designs, optimize their performance, and ensure protection of their networks to make their applications stronger. Learn more at www.ixiacom.com.
Ixia and the Ixia logo are trademarks or registered trademarks of Ixia in the United States and other jurisdictions. All other trademarks used herein are the property of their respective owners.