Search form

On-Demand Webinars

Transforming IT into the Enterprise Innovation Engine
The Future of IT Operations - AIOps, Observability and Beyond
Solving the SLO Riddle: Why SLOs Aren't Enough
Taking Web Performance to the Next Level
Equinox levels up its observability fitness with Elastic
Measuring Real-World Performance of DNS Solutions
Introducing Internet Stack Map
What's New at Catchpoint! Spring 2024 Product Launch Event
Master Class: Optimizing CX through 4 Pillars of Internet Resilience
Avoid Observability Failure: Hybrid Enterprises Must Complement APM with Internet Performance Monitoring
Observability Trends: Key Considerations for Modern Observability
Navigating Today's I&O Landscape: Leveraging Cloud, Hyper-Convergence and Observability
Master Class: Monitoring from Your Users' Perspective
2024 Tech Trends: 10 Predictions for Tomorrow's IT Evolution
The SRE Report 2024: What the Charts Don't Tell You
2024 Security Trends: How Generative AI Is Changing the Threat Landscape
Getting the Most Out of Elastic Observability & New Features
Tales from the trenches: Security leaders share insights on protecting higher education
The Impact of AIOps and GAI on Modern Observability
Countering Internet Complexity with AI-Powered Internet Performance Monitoring
Maximizing Customer Lifetime Value: Transforming Ecommerce with AI-Powered Search
AI Meets Search: Powering a New Generation of Insights
Behind the Scenes: Rocket Lawyer's Secret Sauce for Uninterrupted Digital Legal Services
3 Tips to Supercharge Your Application Tracing
What's New at Catchpoint! Fall 2023 Product Launch Event
Demo of Internet Sonar: From Disruption to Instant Detection
Harnessing the Power of Generative AI in Retail
Expert Insights: Navigating Outages Like a Pro
What's New in Application Monitoring: Maximizing Operational Efficiency with Enhanced Performance Insights
Preventing Outages: Implement an Internet Performance Monitoring Plan

All Webinars...

Analyst Reports

Gartner® Magic Quadrant™ for Observability Platforms 2024
Modern Enterprises Must Boost Observability with Internet Performance Monitoring
Forrester Opportunity Snapshot: Increase Revenue with Internet Performance Monitoring

All Analyst Reports...

White Papers

Level up with distributed tracing: Enhancing application performance with Applications Manager
Top challenges of digitization and how network traffic analysis can help
What is APM: Understanding the Basics of Application Performance Management
What is end-user experience monitoring?
How IT leaders can drive more with less
Internet Resilience Report 2024
Bandwidth throttling - A strategic approach to network bandwidth monitoring and optimization with NetFlow Analyzer
Address multi-client network traffic monitoring challenges with OpManager MSP’s new NetFlow Analyzer integration
Full-stack observability: Implementation, benefits, and ROI
Network traffic analysis for today's IT
The SRE Report 2024
The 2024 Observability Landscape — a survey of observability decision-makers
2024 State of IT Operations Report: Journey to Agility
OpUtils IP scanner for visibility: See everything, manage effortlessly
Digital experience monitoring in Applications Manager
How to monitor Apache web server performance metrics
How IT leaders can drive more with less
Firewall Segmentation
Startup vs. running configuration conflict: Its impact, and how to avoid it
A comprehensive guide to enhance performance and reliability in your storage systems
An IT leader's enterprise guide to drive more with less
Website monitoring in Applications Manager
Synthetic monitoring 101: A comprehensive guide to synthetic monitoring
Beyond deployment: The ongoing challenges in application performance monitoring implementation
How Is IPAM Simplifying Modern Networking?
The Elastic Generative AI Report
Database Monitoring for Beginners: 6 Steps to Get You Started
6 Best Practices for Application Performance Monitoring
Visibility, Scalability, Security: Why IPAM Is the Cornerstone of Robust Data Centers
Real-Time Server Traffic Monitoring: Benefits, Best Practices and NetFlow Analyzer

All White Papers...

Software Security Flaws Cause Majority of Product Vulnerabilities
April 16, 2019

Keith Bromley
Ixia

Share this

Software security flaws cause the majority of product vulnerabilities, according to the 2019 Security Report from Ixia's Application and Threat Intelligence (ATI) Research Center.

"Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018. Misconfigured security and access policies were also a major source of data breaches in 2018," said Steve McGregory, Senior Director, Ixia Application and Threat Intelligence, Keysight Technologies. "Network and application complexity pose serious security threats and create new vulnerabilities every day. Hackers continue to leverage the complexity as well as existing vulnerabilities and misconfigurations to their advantage. It has never been more important for organizations to take a proactive approach to identify and mitigate such flaws as thoroughly as possible."


Key findings from the 2019 Security Report include:

Software security flaws caused the majority of product vulnerabilities

Ixia observed more new devices joining networks than ever before, but also more devices designed and deployed without proper measures to stop or even limit threats. Well-understood SQL injections and cross-site scripting vulnerabilities were used by bad actors to target web applications. Code sharing posed a risk despite efforts by the open source community to standardize controls and measures in web development. Code fragmentation makes it difficult to address this widespread problem.

Humans are the weakest link

In 2018, Ixia detected 662,618 phishing pages in the wild, and 8,546,295 pages hosting or infected by malware – so a successful attack on an organization's infrastructure requires only a single errant click on an email or link. A well-crafted and well-timed phishing attempt can encourage even tech-savvy users to click on compromised links. Successful defense depends on a combination of proactively educating users, blocking phishing attacks and malware that cross the network edge, and detecting and blocking lateral movement in a network.

Cyber hygiene is at an all-time low

IT vendors created code or configurations that led to many successful security breaches in 2018, but IT operations and security personnel also shared the blame. Well-known attacks and attack vectors remained successful because security personnel did not address vulnerabilities, either due to lack of knowledge of the latest patches or challenges in deploying them in a timely manner. 

Security vulnerability disclosures are a double-edged sword

Both hackers and security vendors benefit when vulnerabilities are announced in the open, particularly zero-day exploits. Mirai, Drupalgeddon and the D-Link DSL-2750B remote code execution vulnerability are examples where hackers were able to move faster than vendors and IT teams.

Crypto-jacking activity continues to grow

This threat reached new peaks in 2018, with hackers combining multiple classic attacks to deliver nearly autonomous malware. Ixia honeypots captured several new exploits that run an EternalBlue scan, and when successful, deposit a cryptominer on the network.

Security Watchlist for 2019

Based upon Ixia-collected data and historical activity, the Ixia ATI team predicts the following six trends for 2019:

■ Abuse of low-value endpoints will escalate

■ Brute-force attacks on public-facing systems and resources will increase

■ Cloud architectures will create complexity that increases attack surfaces

■ Phishing will continue to evolve

■ Multiphase attacks that use lateral movement and internal traffic will increase

■ Crypto mining/cryptojacking attacks will increase

Keith Bromley is Senior Manager, Solutions Marketing at Ixia Solutions Group, a Keysight Technologies business
Share this

Related Links

www.ixiacom.com

The Latest

The OpenTelemetry Getting Started Survey: Understanding Users' Observability Journeys
September 12, 2024

The OpenTelemetry End-User SIG surveyed more than 100 OpenTelemetry users to learn more about their observability journeys and what resources deliver the most value when establishing an observability practice ... Regardless of experience level, there's a clear need for more support and continued education ...

Why Data Silos Kill Collaboration
September 11, 2024

A silo is, by definition, an isolated component of an organization that doesn't interact with those around it in any meaningful way. This is the antithesis of collaboration, but its effects are even more insidious than the shutting down of effective conversation ...

8 Takeaways from the State of Observability for Industrials, Materials and Manufacturing Report
September 10, 2024

New Relic's 2024 State of Observability for Industrials, Materials, and Manufacturing report outlines the adoption and business value of observability for the industrials, materials, and manufacturing industries ... Here are 8 key takeaways from the report ...

Enhancing the Availability of Important but Non-Critical Applications
September 09, 2024

For mission-critical applications, it's often easy to justify an investment in a solution designed to ensure that the application is available no less than 99.99% of the time — easy because the cost to the organization of that app being offline would quickly surpass the cost of a high availability (HA) solution ... But not every application warrants the investment in an HA solution with redundant infrastructure spanning multiple data centers or cloud availability zones ...

Top 5 Tips: How to Find the Best Edge Services Observability Fit
September 05, 2024

The edge brings computing resources and data storage closer to end users, which explains the rapid boom in edge computing, but it also generates a huge amount of data ... 44% of organizations are investing in edge IT to create new customer experiences and improve engagement. To achieve those goals, edge services observability should be a centerpoint of that investment ...