LAS VEGAS: Businesses are at risk from IT threats because too many of them rely on automated tools, rather than highly-trained security staff.
That was the conclusion of a group of researchers at the Black Hat security conference.
The researchers, who were all presenting as part of the conference's "defence" technology track, found that an over-reliance on automated security tools was preventing many firms from properly securing their networks.
Shawn Moyer, a research consulting manager for Accuvant Labs and organiser of the the track, said that network security needs to move beyond the perception that simply adding more technology will solve complex network problems.
"We have been sold simple solutions to complicated problems for a very long time," Moyer told reporters.
"Our industry came out of the anti-virus industry which was about disposable razor blades, it was about monthly subscriptions."
Among the areas singled out by researchers was intrusion prevention systems (IPS.) John Flynn, a security engineer at Facebook, found that when faced with modern advanced persistent threat (APT) scenario tests, IPS systems failed to block attacks as much as 95 per cent of the time.
Rather than throw more money into IPS platforms, Flynn believes that administrators need to become more intelligent and user better analysis practices with data collected from all security incidents.
"The reality is that they all want you to use their solution as the be-all end-all in the security story," Flynn said.
"You have to do the best you can by assembling these different vendors together and finding ways to make them all talk."
Iftach Ian Amit, director of services for IOActive, said that administrators should also become more educated about their own network layouts and security resources. By specially-crafting security infrastructure for their own deployments, Amit claimed firms can build a "home field advantage" against attackers.
"You have to start thinking about your organisation as an organisation," he said,
"Things are moving inside in ways that completely baffle those blinking-light boxes that you keep buying."
The best Black Friday tech bargains out there
Russell Group slammed for misusing student data in donation campaigns
Linus Torvalds is unhappy with current approaches to Linux security
Bug prevents ASLR from randomising location of important data