, , , , , , , ,

Ixia, a Keysight Business, Releases 2019 Security Report Highlighting Ongoing Security Risks from Historic Vulnerabilities and Network Complexity

Ixia, a Keysight Business, Releases 2019 Security Report Highlighting Ongoing Security Risks from Historic Vulnerabilities and Network Complexity

SANTA ROSA, Calif.–()–Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company
that helps enterprises, service providers and governments accelerate
innovation to connect and secure the world, today announced that Ixia, a
Keysight Business, has released its third annual Security Report. The
2019 report analyzes the biggest security findings over the past year
from Ixia’s Application
and Threat Intelligence (ATI) Research Center
and highlights risks
originating from historic unpatched vulnerabilities as well as from
growing network and application complexity.

The report draws on Ixia’s in-depth experience in network security
testing, and the company’s focus on network and cloud visibility. An
elite, globally distributed team of dedicated cybersecurity
professionals staffs the Ixia ATI Research Center and continually
monitors and analyzes the ever-evolving indicators which could threaten
the security of enterprise IT networks. Inputs to the research process
come from multiple sources, including Ixia honeypots which actively look
for threats in the wild, independent research by the team that conducts
tests and reverse engineers exploits to determine how they work
international exploit databases, the Dark Web, scans of security news
alerts and crowdsourcing, and social media and partner feeds.

“Compromised enterprise networks from unpatched vulnerabilities and bad
security hygiene continued to be fertile ground for hackers in 2018.
Misconfigured security and access policies were also a major source of
data breaches in 2018,” said Steve McGregory, senior director, Ixia
Application and Threat Intelligence, Keysight Technologies. “Network and
application complexity pose serious security threats and create new
vulnerabilities every day. Hackers continue to leverage the complexity
as well as existing vulnerabilities and misconfigurations to their
advantage. It has never been more important for organizations to take a
proactive approach to identify and mitigate such flaws as thoroughly as
possible.”

Key findings from the 2019 Security Report include:

  • Software security flaws caused the majority of product
    vulnerabilities
    : Ixia observed more new devices joining networks
    than ever before, but also more devices designed and deployed without
    proper measures to stop or even limit threats. Well-understood SQL
    injections and cross-site scripting vulnerabilities were used by bad
    actors to target web applications. Code sharing posed a risk despite
    efforts by the open source community to standardize controls and
    measures in web development. Code fragmentation makes it difficult to
    address this widespread problem.
  • Humans are the weakest link: In 2018, Ixia detected 662,618
    phishing pages in the wild, and 8,546,295 pages hosting or infected by
    malware – so a successful attack on an organization’s infrastructure
    requires only a single errant click on an email or link. A
    well-crafted and well-timed phishing attempt can encourage even
    tech-savvy users to click on compromised links. Successful defense
    depends on a combination of proactively educating users, blocking
    phishing attacks and malware that cross the network edge, and
    detecting and blocking lateral movement in a network.
  • Cyber hygiene is at an all-time low: IT vendors created code or
    configurations that led to many successful security breaches in 2018,
    but IT operations and security personnel also shared the blame.
    Well-known attacks and attack vectors remained successful because
    security personnel did not address vulnerabilities, either due to lack
    of knowledge of the latest patches or challenges in deploying them in
    a timely manner.
  • Security vulnerability disclosures are a double-edged sword:
    Both hackers and security vendors benefit when vulnerabilities are
    announced in the open, particularly zero-day exploits. Mirai,
    Drupalgeddon and the D-Link DSL-2750B remote code execution
    vulnerability are examples where hackers were able to move faster than
    vendors and IT teams.
  • Crypto-jacking activity continues to grow: This threat reached
    new peaks in 2018, with hackers combining multiple classic attacks to
    deliver nearly autonomous malware. Ixia honeypots captured several new
    exploits that run an EternalBlue scan, and when successful, deposit a
    cryptominer on the network.

Security Watchlist for 2019

Based upon Ixia-collected data and historical activity, the Ixia ATI
team predicts the following six trends for 2019:

  • Abuse of low-value endpoints will escalate
  • Brute-force attacks on public-facing systems and resources will
    increase
  • Cloud architectures will create complexity that increases attack
    surfaces
  • Phishing will continue to evolve
  • Multiphase attacks that use lateral movement and internal traffic will
    increase
  • Crypto mining/cryptojacking attacks will increase

To download a complimentary copy of the 2019 Security Report from Ixia,
a Keysight Business, visit: https://about.keysight.com/en/newsroom/pr/2019/15apr-nr19059-ixia-security-report-2019.pdf.

About Keysight Technologies

Keysight Technologies, Inc. (NYSE: KEYS) is a leading technology company
that helps enterprises, service providers and governments accelerate
innovation to connect and secure the world. Keysight’s solutions
optimize networks and bring electronic products to market faster and at
a lower cost with offerings from design simulation, to prototype
validation, to manufacturing test, to optimization in networks and cloud
environments. Customers span the worldwide communications ecosystem,
aerospace and defense, automotive, energy, semiconductor and general
electronics end markets. Keysight generated revenues of $3.9B in fiscal
year 2018. More information is available at www.keysight.com.

Additional information about Keysight Technologies is available in the
newsroom at https://www.keysight.com/go/news
and on Facebook,
LinkedIn,
Twitter
and YouTube.

Published at Mon, 15 Apr 2019 15:00:00 +0000