Six out of ten infosec pros prefer network visibility over traffic encryption

Positive Technologies surveyed information security specialists on the topic of corporate network visibility. Results show that companies have poor visibility into external and internal traffic on their networks. When asked to choose between encryption and visibility into their internal network, 64 percent of respondents opt for visibility.

Most of the surveyed specialists (72%) rate visibility into external traffic on their networks as average or low. Nearly as many (68%) say the same regarding internal traffic.

Figure 1. How do you assess the level of traffic visibility at your company?

The respondents happiest with network visibility are those at IT companies: internal traffic visibility is rated highly by 47 percent of them, and external traffic by 42 percent. Manufacturing and heavy industry are least satisfied with the state of network visibility, with 52 percent calling the internal network opaque and 36 percent saying the same for external traffic.

Over the last year, 51 percent of respondents have detected unauthorized scanning within their perimeter. Malicious activity has been spotted by 51 percent as well. Very rarely have they detected use of hacking tools (17%) or lateral movement (8%).

Nataliya Kazankova, Product Marketing Manager at Positive Technologies, said: "Network scanning and malicious activity can be caught by many types of security solutions, such as antivirus products. In all likelihood, most of these companies were attempting detection without the help of network traffic analysis (NTA), which would have enabled them to detect more complex and subtle threats."

Companies are generally aware of the need to monitor the security of their internal networks. This can be seen from the wish list of respondents for what they want to get out of NTA solutions: 88 percent give a priority ranking (4 or 5) to detecting attacks within the network, 71 percent to detecting network anomalies, and 71 percent to monitoring compliance with security rules.

Kazankova added: "NTA systems have a big future ahead of them because they meet the market's expectations. They boost network visibility and handle the tasks that security professionals care about. Encryption does not get in the way of NTA since most in the industry do not support the idea of full encryption of corporate networks. And for those who do try to encrypt as much as possible, NTA is useful for detecting anomalies and malware."

When asked to choose between encryption and visibility into the internal network, 64 percent of the surveyed specialists opt for visibility. They rate their concern regarding internal traffic encryption as a 3, 4, or 5 on a five-point scale.

Figure 2. How worried are you that traffic encryption inside infrastructure inhibits network visibility? (0: I do not care about network visibility, traffic must be fully encrypted within the network. 5: I prefer not to encrypt traffic in order to get full network visibility.)

The Positive Technologies survey was conducted in early September 2020. Respondents included 231 employees of small, medium-sized, and large companies in various industries in Russia, Belarus, and Kazakhstan. Detailed results are available in the company's report.