Enterprises need to take their securitystrategy beyond stacking up layers ofperimeter defenses to building uppredictive intelligence that stops networkhacks in their tracks.

PerimeterDefensesDEPENDS ON MORE THANT R U E N E T W O R K S E C U R I T Y

Where NetworkThreats LieNetworks have extendedtheir reach and theirpopulations, spanningmultiple public andprivate clouds, datacenters and carriers andplaying host to a slew ofconnected devices usedby employees, contractors,partners and suppliers. Asboth their spans andendpoints increase, so toodoes their vulnerability toexternal as well asinternal attacks.

T H E A N S W E R : E V E R Y W H E R E .

The most common ways in which breachesoccurred over the last 12 months wereinternal incidents within the organization –38%. That was followed by external attackstargeting the organization, at 28%.Insider attacks should be of specialconcern to organizations that have focusedprimarily on perimeter defenses. Firewalls,intrusion detection, intrusion prevention,sandboxing, VPNs and endpoint protectionmatter to overall security, of course. Butthey are not sufficient to thwart internalincidents that may occur either as a resultof authorized users' inadvertent misuse orbehavior with malicious intent. There is nodefense against users who can exploittheir legitimate access to an organization'ssystems and sensitive information.

53% More than half of organizations do not have theappropriate controls to prevent an inside attack.

Most Common Means of Attack

38% Internal Incident

Internal incident withina partner organization

28% Direct External Incident

20% Attack Via Partner

18% Lost or Stolen Asset

18%

T H E T H R E A T L A N D S C A P E

SOURCE: INSIDER THREAT SPOTLIGHT REPORT

Investigate SecuritySpending PrioritiesAs a whole, IT system security isn't neglected whenit comes to tech spending. Three-quarters ofrespondents to the TechPro Research report,Research: IT budget-drivers, trends and concerns in2016, put improving security for IT systems at the topof their lists. In fact, over 40% of organizationsexpected to increase network security budgets,Forrester Research has noted.

The issue is whether companies are putting those dollars to work in the most appropriate way to assuretrue network security. Research indicates that security investments and the return companies receive onthem don't always match up – most prominently in the case of traditional IDS or IPS perimeter defensesolutions. Even identity and access management systems – which many CISOs have called upon tofunction as an additional perimeter defense layer in the face of expanding networks and growingendpoints – lag in delivering expected value.

S E C U R I T Y I N V E S T M E N T D I S C O N N E C T

84%

Intrusion detectionor prevention

Anti-virussolution

Identity and accessmanagement

Web and emailcontent filtering

Encryption ofdata in motion

Encryption ofdata at rest

41%

80%68%

72%57% 44% 52% 45% 51% 49%52%

Technologies in current budgets Top performing technologies SOURCE: PONEMONINSTITUTE 2015

76%Viruses

P R E V A L E N C E O F A T T A C K T E C H N I Q U E

SOURCE: DATA SECURITY CONFIDENCE INDEX

The Threats Getting By Your DefensesAs enterprises consider their network security spending priorities, they should take note of the fact that viruses and malware took the top spots in perimeter security breaches, according to recent research. Once these threats make it past the perimeter, sensitive information is at risk, whether inside the network or inside applications that have access to the network.

Such findings become of particular concern when measured against other research. Some 60% of IT and IT security practitioners report that the severity of malware infections had significantly increased or increased in the past year, according to recent research from the Ponemon Institute.

74%66%60%55%50%49%46%46%

Malware

Trojan Horses

Spyware

Phishing

SQL Injection

DDos Attacks

Botnets

Ransomware

Risky BusinessThe changes in network architectures andaccess that render a perimeter defense strategyineffective on its own have been accompaniedby other changes, as well. An important one isthat CISOs today are under greater pressure tobuild digital trust among customers around datause. A significant proportion of companiesbelieve that they are not doing enough to buildtrust with customers over the use of their data.

Customers will avoid dealing with companiesthey don't believe will keep their data secure.Three quarters of those surveyed said they arelikely to avoid doing business with a companythat had experienced a data breach wherefinancial data was stolen. The indirect costs of adata breach includes reputational damage andloss of business opportunities – and may evenresult in a fall in share price.

T H E N E E D F O R D I G I T A L T R U S T

China India United States France Brazil Germany United Kingdom64% 61% 55% 48% 45% 40%50%

SOURCE: ACCENTURE

Getting Smart AboutNetwork SecurityEnterprises can take steps to better secure their networks on allfronts – and the sensitive information residing within theseinfrastructures and associated applications.

The knowledge that change is in order often takes hold after abreach, when spending goes up and strategy shifts. More dollarsmove to prevention technologies, threat intelligence capabilities,incident response programs and detection technologies.

45% 47% 37% 35% 31% 45% 27%

IncidentResponses

StrategyShift

SpendingIncrease

PreventionTechnologies

ThreatIntelligence

DetectionTechnologies

PersonnelChanges

P O S T - B R E A C H I N I T I A T I V E S

• Threat Management• Vulnerabil i ty Reports• IDS/IPS

Masergy fills the prediction, protectionand detection bill with its extensible,modular, centrally managed andscalable Unified Enterprise Security(UES) system. Perimeter defensetechnology is included in its solution,but the star players in its integrated andholistic security architecture areadaptive and predictive data sharing, aswell as the tracking and analysiscapabilities of its network behavioranalysis and correlation engine.

Critically, it employs machine learningto detect and thwart networkreconnaissance activity prior to anattack by building a highly sophisticatedbehavioral profile, one that exceedstraditional frequency, threshold, andnetflow-based detection methods. Withits patented security platform thatincludes continuous monitoring, CISOswill understand where their business isvulnerable, who is trying to attack it andhow before threats – from external orinternal sources – can be triggered.

M A S E R G Y U E ST E C H N O L O G Y A R C H I T E C T U R E

A P P L I C A T I O N F R A M E W O R K

• Signature Detection• Threat Data• Raw Packet Data

D A T A F R A M E W O R K

• Security Policy Violations• Vulnerabil i ty Data• Firelog and SysLog Data

• Network AccessPolicy Monitoring

• Network Security Reports

A D A P T I V E N E T W O R KB E H A V I O R I A L A N A L Y S I S

M A C H I N E L E A R N I N G &P R E D I C T I V E A N A L Y S I S

Detection &Prevention

Module

SecurityInformation

& EventManagement

Vulnerabil i tyManagement

NetworkSecurity

Zones

Firewall &SysLog Module

To learn more about how your company can movebeyond perimeter defenses and engage with a Unified

Enterprise Security solution, visithttps://www.masergy.com/talk-expert.