|By Business Wire||
|March 20, 2017 07:30 AM EDT|
Ixia (Nasdaq: XXIA), a leading provider of network testing, visibility, and security solutions, today announced the release of the first Ixia Security Report, a summation of 2016’s biggest security events including findings from Ixia’s Application and Threat Intelligence (ATI) Research Center. The ATI Research Center leverages the knowledge of hundreds of Ixia engineers, and its researchers operate a worldwide, distributed network of honeypots and web crawlers to actively identify known and unknown malware, attack vectors, and application exposures.
The Ixia Security Report is a reflection of Ixia’s long standing experience in network and network security test. Combined with the company’s understanding of large scale network data distribution systems, Ixia is able to extensively analyze organizations’ network attack surfaces. Ixia has determined that, while increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability. According to an Ixia sponsored survey conducted by Enterprise Management Associates, the average enterprise is using six (6) different cloud services and network segmentation is increasing. However 54% of enterprises are monitoring less than half of those segments and less than 19% of companies believe that their IT teams are adequately trained on the wide array of network appliances they are managing.
“Organizations need to constantly monitor, test, and shift security tactics to keep ahead of attackers in the fast-paced threat landscape we all deal with today. This is especially important as new cloud services and increased IoT devices are routinely being introduced,” said Steve McGregory, Senior Director of Application Threat Intelligence at Ixia. “To do this effectively, organizations must start by studying their evolving attack surface and ensure they have the proper security expansion measures in place. Simple but effective testing and operational visibility can go a long way to improving security.”
Highlights from the ATI Research Center’s 2016 findings include:
Top Usernames and Passwords
Gaining access to accounts is often done the old-fashioned way—brute force guessing starting with the obvious. It is shocking how many network accounts and devices contain default usernames and passwords. At the top of the list were usernames like “root” and “admin,” but also “ubnt,” which is the default username for AWS and other cloud service offerings that use Ubuntu. IoT was also a notable target with “pi” for Raspberry PI. The passwords topping the list included favorites like “admin,” “123456,” “support,” and “password.”
Top Exploited URI Paths and CMS
In computing, a uniform resource identifier (URI) is a string of characters used to identify a name of a resource, which can be interacted with via the web using specific protocols. The top exploited URI paths used for brute force WordPress logins were /xmlrpc.php and /wp-login.php. Across customers, Ixia’s ATI Research Center also saw many attempts to scan for the phpinfo() function and that most URIs attempted for attack were PHP based.
Malware of Phishing?
Malware continued to dominate over 2016 but there were a few months—namely June, July, and August—during which ransomware phishing appeared to have outpaced malware. Top fishing targets identified by the ATI Research Center included Facebook, Adobe, Yahoo!, and AOL logins. Adobe updates were the most prevalent drive-by updates for delivering malware or phishing attacks.
“Understanding your network breadth across physical, virtual, and cloud assets is critical to protecting it,” said Jeff Harris, Vice President of Security Solutions at Ixia. “We see that network segmentation adoption is on the rise, but that up to half of those segments are not being monitored. We anticipate that network visibility into every segment, IoT monitoring and AI will be some of the key security topics in 2017.”
For the full report, please visit https://www.ixiacom.com/resources/security-report-2017.
Ixia (Nasdaq: XXIA) provides testing, visibility, and security solutions, strengthening applications across physical and virtual networks for enterprises, service providers, and network equipment manufacturers. Ixia offers companies trusted environments in which to develop, deploy, and operate. Customers worldwide rely on Ixia to verify their designs, optimize their performance, and ensure protection of their networks to make their applications stronger. Learn more at www.ixiacom.com.
Ixia and the Ixia logo are trademarks or registered trademarks of Ixia in the United States and other jurisdictions. All other trademarks used herein are the property of their respective owners.
Connect with Ixia
Mar. 26, 2017 08:15 AM EDT Reads: 2,985
Mar. 26, 2017 08:15 AM EDT Reads: 2,689
Mar. 26, 2017 08:15 AM EDT Reads: 2,884
Mar. 26, 2017 08:00 AM EDT Reads: 4,165
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Mar. 26, 2017 07:15 AM EDT Reads: 1,670
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations might...
Mar. 26, 2017 05:15 AM EDT Reads: 6,166
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, provided the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This “Live Hack” used open source attack tools that are free and available for download by anybody. Attendees learned where to find and how to operate these tools for the purpose of testing their own IT infrastructure. The...
Mar. 26, 2017 03:30 AM EDT Reads: 7,311
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
Mar. 26, 2017 03:30 AM EDT Reads: 3,871
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Mar. 26, 2017 01:45 AM EDT Reads: 3,762
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Mar. 26, 2017 12:30 AM EDT Reads: 1,950
Information technology (IT) advances are transforming the way we innovate in business, thereby disrupting the old guard and their predictable status-quo. It’s creating global market turbulence. Industries are converging, and new opportunities and threats are emerging, like never before. So, how are savvy chief information officers (CIOs) leading this transition? Back in 2015, the IBM Institute for Business Value conducted a market study that included the findings from over 1,800 CIO interviews ...
Mar. 26, 2017 12:30 AM EDT Reads: 5,194
Virtualization over the past years has become a key strategy for IT to acquire multi-tenancy, increase utilization, develop elasticity and improve security. And virtual machines (VMs) are quickly becoming a main vehicle for developing and deploying applications. The introduction of containers seems to be bringing another and perhaps overlapped solution for achieving the same above-mentioned benefits. Are a container and a virtual machine fundamentally the same or different? And how? Is one techn...
Mar. 26, 2017 12:30 AM EDT Reads: 2,935
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Mar. 26, 2017 12:15 AM EDT Reads: 793
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Mar. 26, 2017 12:00 AM EDT Reads: 4,182
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
Mar. 26, 2017 12:00 AM EDT Reads: 1,778