Cyberattacks breach firewalls half of the time

According to new research, many have had their networks infiltrated; others admitted to facing difficulties when altering WAF policies to guard against new attacks.

  • 4 years ago Posted in
Neustar has released a new report from the Neustar International Security Council (NISC) highlighting growing concerns around the number of businesses vulnerable to cyberattacks due to hackers’ ability to bypass their Web Application Firewall (WAF).

 

Almost half (49%) of security professionals reported more than a quarter of attempts to sidestep their WAF protocols had been successful in the last 12 months. In addition, as many as four in ten respondents disclosed that 50 percent or more of attacks had managed to get around their application layer firewall.

 

These findings come at a pivotal time, as organisations continue to adapt their security strategies to cope with the increase in malicious web activity associated with COVID-19. Almost 30 percent (29%) of respondents admitted they had found it difficult to alter their WAF policies to guard against new web application attacks, while just 15 percent said they had found the process very easy.

 

Despite many having already been on the receiving end of a successful web-application attack, 39 percent of respondents declared they do not have a WAF that is fully integrated into other security functions; a technique that is critical in developing a holistic defence against a variety of attack types. Three in ten also claimed that half of network requests have been labelled as false positive by their WAF in the last year.

 

“As members of the public we have witnessed the steady and significant growth of volumetric DDoS attacks, fake domains, malicious malware and harmful misinformation. However, while these may be the security concerns capturing headlines, those within the community have also seen the unsettling rise in application-layer attacks,” said Rodney Joffe, Chairman of NISC and Senior Vice President and Fellow at Neustar. “Often unleashing destruction before they are even recognised, these attacks are equally as damaging, targeting specific vulnerabilities to cause a multitude of complications for those on the receiving end.”

 

“Due to their ‘under-the-radar’ nature, application-layer attacks are difficult to detect and therefore require a security posture that is always-on in order to be identified and mitigated. Only by providing protection across the entire network can organisations respond to the type of threats we are seeing today. For full-protection that doesn’t hinder business performance or add unnecessary complexities, organisations should opt for a cloud-based WAF, underpinned by curated, actionable threat data. Not only is this approach guaranteed to safeguard against the most common web threats, it also delivers visibility into application traffic, no matter where the applications themselves are hosted,” added Joffe.

 

Findings from the latest NISC research also highlighted a steep 12-point increase on the International Cyber Benchmarks Index year-on-year. Calculated based on the changing level of threat and impact of cyberattacks, the Index has maintained an upward trend since May 2017.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...