Unusual and quite obvious factors affecting the traffic of corporate networks and the work of providers
/ Unsplash / Fotis fotopoulos
More monitors – more traffic
One of the largest providers of network monitoring solutions conducted a studyby interviewing over 200 professionals at last year’s Infosecurity Europe conference. The vast majority of respondents said that their company equips workstations with two monitors to increase employee productivity. But half of them use a second display for non-working tasks – streaming music or video. These services may take more than half of corporate traffic. It turned outthat in 73% of such situations, companies simply do not have the infrastructure that could effectively cope with the additional load.
What we have on Habré:
- In most corporate networks, there may be traces of hackers and related vulnerabilities
- How the IT community responds to the New IP initiative
A number of security experts also note that employees who use second monitors for non-working tasks open up new attack vectors for attackers. Vulnerabilities in streaming applications is one of the main reasons for malware to enter corporate networks.
Just a month ago, in one of the applications for watching television discovered bug CVE-2020-9380, allowing a hacker to gain full control over the operating system. Therefore, companies should be more careful about the “second display” policy.
Long Patch – Long Risk Management
By given Kollective analysts, more than half of large organizations – whose computer fleet exceeds 100 thousand units – spend more than one month to close the vulnerability. This fact simplifies the work of hackers – in most cases, they use the well-known software vulnerabilities to break into corporate networks and realize their plans due to the slowness of administrators who drag out the installation of ready-made patches.
So, for hacking Equifax Bureau in 2017, attackers took advantage of a vulnerability in the Apache Struts framework (CVE-2017-5638) “Patch” for her was released two months before the attack.
One of the reasons for the slow installation of patches is bureaucracy and poor process automation. A number of companies still work with information about patches and their updates in regular office software and tables. In one Fortune 100 organization, even there is special department filling out spreadsheets with vulnerability information. To avoid situations similar to the case with Equifax, information security experts recommend automating such processes.
Emergency applications – emergency response
Providers today celebrate traffic growth of 45% or more. Similarly doing are and with VPN and cloud services. But with all this, sharp declines are observed.
/ Unsplash / Francisco Andreotti
One of the western cloud providers noted an interesting pattern. When country leaders make statements to citizens, the load on networks in the corresponding region is significantly reduced (everyone watches / listens to the speech live on TV or on the radio).
A sharp drop in traffic was recorded in the Netherlands during a government appeal on March 15. A similar situation occurred in France – when authorities announced the introduction of quarantine measures, traffic around the country declined about twice.
All these points – although some of them are quite obvious – indicate that the work of providers and administrators of corporate networks is constantly complicated. We will continue to analyze this topic and conduct a small webinardedicated to updating the architecture of the network of the largest Internet provider in Moldova – StarNet.
