New threats emerge as cyber criminals develop more sophisticated methods for attacking networks. As a way to improve security, network security updates are completed to fix any vulnerabilities that are prone to being exploited by cybercriminals.
Failure to apply these updates in a timely manner leaves networks vulnerable to attack, putting sensitive data at risk and potentially causing significant financial and reputational damage. That is why network security updates are crucial.
Still, IT professionals are frustrated with network security updates. A couple of reasons are because of the increase in network update velocity, as well as tech stack sprawl. In fact, according to a BackBox survey, the majority of network security and operations pros say there are more network updates needed than they can keep up with. On top of that, almost two-thirds of the survey’s respondents only upgrade network and security devices quarterly (or even less frequently).
This leads to two questions: Why can’t IT professionals keep up with the updates? Why do they do it sporadically?
Maybe it comes down to the staffing shortage due to IT specialists not feeling appreciated by some companies. Knowing that, they don’t bother to contact the company, let alone apply for a position there.
Or maybe, companies are not investing in network automation.
Well, according to the survey, nearly half of the survey respondents say their company has not implemented or invested deeply in network automation. This is big because without network automation, companies are exposing themselves to security breaches and other serious issues. For example, network automation has the capability to rapidly restore the network from backup within a few minutes of an outage or misconfiguration.
That said, IT professionals have a bit of skepticism about automation. A large part of it has to do with their company’s approach to network automation. In the survey, three-fourths of respondents do not trust their organization's current approach to automating network changes. The most common issue they cite about their company's current approach is that it's difficult to add new automation without impacting current operations.
Another approach companies make is investing in an abundance of automation tools. For example, network security and operations professionals can make use of four or more tools for network automation. That’s great to see the companies investing in automation. However, there is a downside if it is not invested correctly. Leveraging an abundance of tools results in a siloed approach to management and a fragmented response in disaster recovery scenarios. This ultimately leaves leadership without a unified view of automation strategy and outcomes.
"These numbers illustrate the pressure to regularly update device operating systems to patch vulnerabilities," said Josh Stephens, Chief Technology Officer of BackBox. "I recommend that companies automate the deployment of patches and upgrades for firewalls and other network devices as a part of a weekly schedule, with the ability to inject high-priority upgrades in near real-time, as a part of their network automation and cybersecurity strategies."
Overcoming barriers to increasing network automation may be difficult, but it is crucial to make the most of network security and operations professionals' expertise.
"Network operations professionals must stay ahead of malicious actors by keeping every network and security device up to date and configured according to internal policy or best practice standards like the Center for Internet Security Benchmarks," said Andrew Kahl, CEO of BackBox.
Edited by Alex Passett