Companies that rely on networks are not doing adequate testing to ensure that they are resilient rather than simply difficult to penetrate, according to information security company Ixia.
Speaking at an Empowered Networks partner event in downtown Toronto, Ixia’s senior product marketing manager Don Shin said that there are a lot of shortcuts taken when a company builds a network that leaves it not only vulnerable to malware but also unusual traffic.
“The ridiculous size of the security problems that we face as an industry are absolutely daunting,” he said. “The immediate response as engineers is ‘What happened?’ and ‘What can we do about this?’”
According to Shin, in many cases, the answer can’t easily be found because instead of being proactive about building and testing for these resilient and secure networks, “the practices that we have are a little bit deficient.”
In response, his company has built solutions that test a company’s network using simulated real-world conditions which include influxes of traffic, vulnerability attacks and a mix of applications and protocols. Instead of relying on advertised lab results for network components, the “PerfectStorm” series demonstrated at Empowered’s event featured real-time test statistics that aim to give IT professionals a clearer understanding of an environment’s capacity.
To Shin, companies often focus too much on penetration testing and not enough on traffic, which is increasingly the issue. Just in the second quarter of 2014, the average DDoS attack size increased 216 per cent to 12.42 Gbps from the first quarter, which saw a 291% increase over the same quarter last year, according to Verisign, Inc., an American network infrastructure company that operates the authoritative registry for the .com, .net, and .name generic top-level domains.
To Shin, there is clearly a business opportunity in providing this kind of technology.
“It is catching on,” he said, explaining that enterprise IT security testing is one of the fastest growing areas of Ixia. “We’re really at the beginning of this, so early innovators, the fortune 200 companies are starting to adopt these kinds of technologies, but it’s the main body of the IT departments that still haven’t developed a rigour for testing yet.”
This is precisely what Ixia’s partners, Empowered Networks, hope to change. By signing this partnership, not only has Empowered changed its own approach to testing networks, it is also hoping to help broaden the practice to the rest of the enterprise marketplace, according to Ron Watt, director of marketing at the company.
“[Ixia] still has a sales and support team in Canada, and we’re just dovetailing with them to broaden the reach,” Glen Emo, chairman and president of Empowered explained. “Their sales team can only be in so many places. We bring an equal size or bigger sales team that can get into network equipment manufacturers to carriers and the enterprise.”
“We are doing everything we can to be the feet on the street for Ixia in servicing the Canadian marketplace,” Watt added.
To Shin, the challenge of testing networks in the past was that the equipment for replicating a live environment was very difficult to assemble, but companies with this technology are finally starting to emerge.
“The other part of security testing is the resiliency element,” he said. “It’s the recognition of the inevitability of a breach.”