{"id":17367,"date":"2020-01-07T11:20:53","date_gmt":"2020-01-07T19:20:53","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/01\/07\/news-11103\/"},"modified":"2020-01-07T11:20:53","modified_gmt":"2020-01-07T19:20:53","slug":"news-11103","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/07\/news-11103\/","title":{"rendered":"The Achilles heel of next-gen firewalls"},"content":{"rendered":"

Credit to Author: Sally Adam| Date: Tue, 07 Jan 2020 17:07:12 +0000<\/strong><\/p>\n

\n

To better understand the realities of network security today, Sophos commissioned leading research specialist Vanson Bourne to conduct an independent survey of 3,100 IT managers spanning 12 countries and six continents.<\/p>\n

The results shed new light onto the practical reality of today\u2019s network security and the challenges IT teams face. It also reveals the Achilles heel of next-gen firewalls: the struggle to balance performance, privacy and protection.<\/p>\n

Expect to find a threat on your network<\/h2>\n

The first takeaway from the survey is that organizations should expect to be hit by a cyberthreat. Over two-thirds (68%) of respondents fell victim to a cyberattack in the last year.<\/p>\n

This propensity to fall victim to a threat is not the result of a lack of protection: 91% of affected organizations were running up-to-date cybersecurity protection at the time of the attack. However, good intentions and good practices are clearly not enough: there are still holes in organizations\u2019 defenses that are enabling threats to get through.<\/p>\n

Firewall enhancement wish list<\/h2>\n

Better threat visibility topped the list of improvements that IT managers want from their firewall, with 36% including it in their top three desired enhancements.<\/p>\n

The fact that visibility outranked a desire for better protection illustrates just how significant an issue lack of insight is for IT teams.<\/p>\n

\"\"<\/p>\n

However, firewall security isn\u2019t the only area in need of improvements, three in ten of the IT managers also wanted better performance.<\/p>\n

Overall, a clear picture emerged: it\u2019s no longer a question of one or the other, rather, today\u2019s IT teams require both performance and protection from their firewalls.<\/p>\n

The understated risk: encrypted traffic<\/h2>\n

Encryption keeps network traffic private, but it doesn’t mean the contents can be trusted. In fact, encrypted traffic is a huge security risk because it renders firewalls blind to what is flowing through the network and prevents them from identifying and blocking malicious content.<\/p>\n

Hackers are actively exploiting encryption to enable their attacks to enter undetected. SophosLabs research has revealed that 32% of malware uses encryption.<\/p>\n

The level of encrypted network traffic is rising rapidly. Data from the Google Transparency Report<\/a> indicates that over 80% of web sessions are now encrypted across all platforms, up from 60% just two years ago. However, the IT managers surveyed believed that on average only 52% of their network traffic is encrypted.<\/p>\n

\"\"<\/p>\n

The discrepancy between perceived and actual levels of encryption together with the widespread use of encryption in cyberattacks suggests that encrypted traffic is an underestimated security risk.<\/p>\n

The Achilles heel of network security<\/h2>\n

While 82% of survey respondents agreed that TLS inspection is necessary, only 3.5% of organizations are decrypting their traffic to properly inspect it.<\/p>\n

There are a number of reasons behind this: concerns about firewall performance; a lack of proper policy controls; poor user experience; and complexity.<\/p>\n

\"\"<\/p>\n

The reality is that most organizations need to carefully balance performance, privacy and security. However, they lack the tools needed to do so effectively and efficiently. As a result, they are choosing to allow encrypted traffic to pass unchecked and putting themselves at risk from hidden network threats.<\/p>\n

This inability to balance performance, privacy and protection is the Achilles heel, the hidden weakness, of many next-gen firewall and UTM solutions.<\/p>\n

Sophos XG Firewall: Designed for the modern encrypted internet<\/h2>\n

The Xstream Architecture in XG Firewall v18 offers a ground-up solution to eliminating the network traffic blind spot without impacting performance.<\/p>\n

It delivers:<\/p>\n