Ixia, a Keysight Business, Releases 2019 Security Report Highlighting Ongoing Security Risks from Historic Vulnerabilities & ...
April 15 2019 - 11:00AM
Business Wire
Keysight Technologies, Inc. (NYSE: KEYS), a leading technology
company that helps enterprises, service providers and governments
accelerate innovation to connect and secure the world, today
announced that Ixia, a Keysight Business, has released its third
annual Security Report. The 2019 report analyzes the biggest
security findings over the past year from Ixia’s Application and
Threat Intelligence (ATI) Research Center and highlights risks
originating from historic unpatched vulnerabilities as well as from
growing network and application complexity.
The report draws on Ixia’s in-depth experience in network
security testing, and the company’s focus on network and cloud
visibility. An elite, globally distributed team of dedicated
cybersecurity professionals staffs the Ixia ATI Research Center and
continually monitors and analyzes the ever-evolving indicators
which could threaten the security of enterprise IT networks. Inputs
to the research process come from multiple sources, including Ixia
honeypots which actively look for threats in the wild, independent
research by the team that conducts tests and reverse engineers
exploits to determine how they work international exploit
databases, the Dark Web, scans of security news alerts and
crowdsourcing, and social media and partner feeds.
“Compromised enterprise networks from unpatched vulnerabilities
and bad security hygiene continued to be fertile ground for hackers
in 2018. Misconfigured security and access policies were also a
major source of data breaches in 2018,” said Steve McGregory,
senior director, Ixia Application and Threat Intelligence, Keysight
Technologies. “Network and application complexity pose serious
security threats and create new vulnerabilities every day. Hackers
continue to leverage the complexity as well as existing
vulnerabilities and misconfigurations to their advantage. It has
never been more important for organizations to take a proactive
approach to identify and mitigate such flaws as thoroughly as
possible.”
Key findings from the 2019 Security Report include:
- Software security flaws caused the
majority of product vulnerabilities: Ixia observed more new
devices joining networks than ever before, but also more devices
designed and deployed without proper measures to stop or even limit
threats. Well-understood SQL injections and cross-site scripting
vulnerabilities were used by bad actors to target web applications.
Code sharing posed a risk despite efforts by the open source
community to standardize controls and measures in web development.
Code fragmentation makes it difficult to address this widespread
problem.
- Humans are the weakest link: In
2018, Ixia detected 662,618 phishing pages in the wild, and
8,546,295 pages hosting or infected by malware – so a successful
attack on an organization’s infrastructure requires only a single
errant click on an email or link. A well-crafted and well-timed
phishing attempt can encourage even tech-savvy users to click on
compromised links. Successful defense depends on a combination of
proactively educating users, blocking phishing attacks and malware
that cross the network edge, and detecting and blocking lateral
movement in a network.
- Cyber hygiene is at an all-time
low: IT vendors created code or configurations that led to many
successful security breaches in 2018, but IT operations and
security personnel also shared the blame. Well-known attacks and
attack vectors remained successful because security personnel did
not address vulnerabilities, either due to lack of knowledge of the
latest patches or challenges in deploying them in a timely
manner.
- Security vulnerability disclosures
are a double-edged sword: Both hackers and security vendors
benefit when vulnerabilities are announced in the open,
particularly zero-day exploits. Mirai, Drupalgeddon and the D-Link
DSL-2750B remote code execution vulnerability are examples where
hackers were able to move faster than vendors and IT teams.
- Crypto-jacking activity continues to
grow: This threat reached new peaks in 2018, with hackers
combining multiple classic attacks to deliver nearly autonomous
malware. Ixia honeypots captured several new exploits that run an
EternalBlue scan, and when successful, deposit a cryptominer on the
network.
Security Watchlist for 2019
Based upon Ixia-collected data and historical activity, the Ixia
ATI team predicts the following six trends for 2019:
- Abuse of low-value endpoints will
escalate
- Brute-force attacks on public-facing
systems and resources will increase
- Cloud architectures will create
complexity that increases attack surfaces
- Phishing will continue to evolve
- Multiphase attacks that use lateral
movement and internal traffic will increase
- Crypto mining/cryptojacking attacks
will increase
To download a complimentary copy of the 2019 Security Report
from Ixia, a Keysight Business, visit:
https://about.keysight.com/en/newsroom/pr/2019/15apr-nr19059-ixia-security-report-2019.pdf.
About Keysight Technologies
Keysight Technologies, Inc. (NYSE: KEYS) is a leading technology
company that helps enterprises, service providers and governments
accelerate innovation to connect and secure the world. Keysight's
solutions optimize networks and bring electronic products to market
faster and at a lower cost with offerings from design simulation,
to prototype validation, to manufacturing test, to optimization in
networks and cloud environments. Customers span the worldwide
communications ecosystem, aerospace and defense, automotive,
energy, semiconductor and general electronics end markets. Keysight
generated revenues of $3.9B in fiscal year 2018. More information
is available at www.keysight.com.
Additional information about Keysight Technologies is available
in the newsroom at https://www.keysight.com/go/news and on
Facebook, LinkedIn, Twitter and YouTube.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20190415005537/en/
Beth Hespe, Americas and Europe+1
609-994-7442beth.hespe@keysight.com
Fusako Dohi, Asia+81 42 660-2162fusako_dohi@keysight.com
Keysight Technologies (NYSE:KEYS)
Historical Stock Chart
From Mar 2024 to Apr 2024
Keysight Technologies (NYSE:KEYS)
Historical Stock Chart
From Apr 2023 to Apr 2024