While patch management and workflow has become de rigueur for most Windows administrators, with over 2/3s of corporate network devices reporting at least one known security vulnerability their network administrator cousins have a long ways to go in keeping their equipment up to date and secure.
That’s among the findings of the recent Network Barometer report from Dimension Data, a global IT services and solution provider with a strong Canadian presence and a large Cisco Systems practice. The report is based on an aggregate of information Dimension Data collected through over 200 global network assessments of client and prospects in 2010, where they analyzed different Cisco network components within the organizations.
Among the top-line findings: more than 73 per cent of corporate network devices had at least one known security vulnerability, nearly double the 38 per cent recorded in last year’s report. A single, high-risk vulnerability that had long-ago been identified by Cisco was found in 66 per cent of devices, and was a primary driver for the increase. And 47 per cent of devices were in late stage obsolescence, which Dimension Data warns is the highest risk phase of the product lifecycle when companies are open to security breaches and compliance violations.
Diving deeper into the numbers there’s no real difference in vulnerabilities by business size, although by geography more companies in the Middle East and Africa reported vulnerabilities, at 84 per cent, compared to 65 per cent for the Americas.
Darryl Wilson, area practice director for Dimension Data Canada, said the problem is that companies aren’t keeping up to date with security vulnerabilities.
“Most organizations are keeping up with Microsoft patches, but other manufacturers with hardware running software also release [patches] and clients need to manage those when they come out, do an analysis and see if the vulnerability effects them,” said Wilson. “Not every one will affect every device. But you need to have a management process.”
Wilson said channel partners such as Dimension Data need to work with their clients to develop best practices-based management processes. The first step is doing a proper network inventory so you know what you’ve got and what version it’s running. Cisco does a good job of releasing the updates, said Wilson, but it’s up to organizations to take action on them and to be proactive.
“Gone are the days when network switches and routers could be rebooted anytime. There’s way too many critical apps – voice, video, business applications, building controls – everything runs on the network,” said Wilson. “The discipline must change on the network side of the housie to the point where they treat network devices the way the old telecom engineers used to treat PBX devices; it has to be five nines.”
The research also revealed network managers have a scale of problem that would give their Windows admin cousins nightmares: version control. They found an average of 28 unique versions of Cisco’s iOS running in company’s network, which Wilson said poses risk and configuration management challenges. One client had over 100 different versions in their network environment.
Follow Jeff Jedras on Twitter: @JeffJedrasCDN.