Titania released a report today that details security and compliance risks and practices in the US Federal government.
Misconfiguration risk to US government networks' security and compliance.
Titania has released a study on US Federal security practices, “The impact of exploitable misconfigurations on the security of agencies’ networks and current approaches to mitigating risks in the U.S. Federal Government.” The research shows that network professionals report that they’re meeting their security and compliance requirements, but the data suggest that this self-reporting is optimistic.
Self-confidence in compliance and practices.
Respondents from the federal government are confident that they meet their security and compliance requirements, with more than 88% saying that their company relies on compliance for the delivery of security. That perception of good network security doesn’t entirely conform to reality, however, and misconfiguration is one of the larger blind spots.
The reality of federal government cybersecurity.
Federal agencies have a larger number of devices on their network, with over 1,000 on average. 59% of respondents say that they assess the configuration of network devices every year, with 12% doing it on a bi-monthly cycle. 71% reported that their network security tools are effective at categorizing and prioritizing compliance risks, which contrasts with the 81% of respondents who reported that the inability to prioritize remediation based on risk is a top issue. Respondents reported an average of 51 misconfigurations in the past year, with 83% reporting at least one critical configuration issue in the past two years. All federal agencies also look only at firewalls, not routers or switches.