Symantec 2011 Threat Management Survey Global Results


Transcript

  • 1. 2011 Threat Management Survey Global Data
  • 2. Methodology
      • Survey performed by Applied Research
      • 1,025 global enterprises
      • Tactical IT, Strategic IT and C-level professionals
      • Cross-industry
  • 3. Key Findings
      • Enterprises not confident in their security posture
      • Organizations struggling with timely analysis and response
      • Top concerns are security intelligence and visibility
      • Staffing problems top list of issues impacting ability to respond to new and emerging threats
  • 4. Security Confidence
      • 57% lack confidence in IT security staffs’ ability to respond to new threats
      • Why? Several of the factors tied to staffing
          – Not enough staff
          – Staff lacks time
  • 5. Staffing Issues
      • 66% rate staff as less than effective
      • Only 4% rate staff as completely effective
      • Why?
          – Recruiting
          – Retention
          – Right skill sets
  • 6. Top Security Concerns
      • Intelligence
      • Visibility
      • Analysis
  • 7. Security Shortcomings
      • Timely and quality alert correlation/analysis
      • Timely and effective event response
  • 8. Symantec Recommendations
      • Build a comprehensive incident management program
      • Be vigilant about the changing threat landscape
      • Broaden the visibility across your infrastructure
      • Evaluate systems for managing security information and alerts
  • 9. Appendix: All questions included
  • 10. Demographics
  • 11. Q2: How many employees does your organization have in all locations worldwide?
      • 1,000 to 2,499: 33%
      • 2,500 to 4,999: 33%
      • 5,000 or more: 34%
  • 12. Q3: What is your organization's primary industry?
      • Advertisement: 1%
      • Media: 2%
      • Living-related and personal services and amusement services: 2%
      • Legal: 2%
      • Energy: 2%
      • Transport and freight service (cover such as Airline/railway industry): 3%
      • Internet: 3%
      • Eating and drinking services, accommodations: 3%
      • Real estate and goods rental and leasing: 4%
      • Government: 4%
      • Education, Learning and Support: 4%
      • Construction: 5%
      • Medical, Health Care and Welfare: 6%
      • Manufacturing: 9%
      • Other: 10%
      • Wholesale and Retail: 10%
      • Scientific research, professional and technical services: 10%
      • Information Technology and Communications: 10%
      • Finance and Insurance: 10%
  • 13. Q4: What is your primary role?
      • Manage our computing resources: 25%
      • Management role in IT, primarily focused on tactical/operational issues: 25%
      • Management role in IT, primarily focused on strategic issues: 25%
      • C-level or business owner: 25%
  • 14. Q5: What is your title?
      • President: 2%
      • Owner: 3%
      • Partner: 1%
      • CIO: 25%
      • CTO: 5%
      • CISO: 1%
      • Vice President or Senior Vice President in a computing area: 4%
      • Director in a computing area: 9%
      • Manager of Information Systems or Computer Systems: 22%
      • Systems analyst: 12%
      • Systems architect: 3%
      • Systems designer: 3%
      • Other: 11%
  • 15. What is your age?
      • 50 or older (Boomer): 10%
      • 30 or less (Millennial): 22%
      • 31 to 49 (Gen-X): 68%
  • 16. Q7: What is your gender?
      • Female: 19%
      • Male: 81%
  • 17. Q8: How many years have you been working in computer systems and technology?
      • Mean: 12.88
      • Median: 12
  • 18. Q9: What are your company's annual revenues?
      • Less than $500,000: 2%
      • $500,000 to $2,000,000: 3%
      • $2,000,000 to $7,500,000: 4%
      • $7,500,000 to $30,000,000: 5%
      • $30,000,000 to $100,000,000: 9%
      • $100,000,000 to $500,000,000: 15%
      • $500,000,000 to $1,500,000,000: 16%
      • $1,500,000,000 to $5,000,000,000: 16%
      • $5,000,000,000 to $25,000,000,000: 16%
      • $25,000,000,000 to $100,000,000,000: 7%
      • More than $100,000,000,000: 7%
  • 19. Q10: Characterize your company's year-over-year annual growth rate in terms of annual revenue:
      • Decline to state: 3%
      • Growing at 100% per year or more: 0%
      • Growing at 50 to 99% per year: 5%
      • Growing at 25 to 49% per year: 7%
      • Growing at between 10 to 24% per year: 29%
      • Growing at between 1 to 9% per year: 31%
      • Flat: Neither growing nor declining: 11%
      • Declining at between 1 to 9% per year: 4%
      • Declining at between 10 to 24% per year: 9%
      • Declining 25% per year or greater: 1%
  • 20. Security Self-Assessment
  • 21. Q213: How confident are you that your IT security staff can handle new security threats in a timely and effective manner?
      • Very confident: 19%
      • Somewhat confident: 25%
      • Neutral: 19%
      • Somewhat concerned: 18%
      • Very concerned: 20%
  • 22. Q214: What are the top three factors that are keeping you from being completely confident in your ability to handle new security threats in a timely and effective manner? (Ranked 1, 2, or 3)
      • No access to latest information about new threats, vulnerabilities, etc.: 36%
      • Security staff lacks necessary experience/skill sets: 39%
      • Trouble responding to security incidents in a timely/effective manner: 43%
      • Staff doesn't have enough time: 45%
      • Trouble correlating/analyzing security alerts as they are happening: 45%
      • Not enough visibility into security across entire infrastructure: 45%
      • Insufficient security staff: 46%
  • 23. Security Lifecycle
  • 24. Q215: Please review the following aspects of security and rank them in terms of what concerns you the most.
      [Stacked bar chart: distribution of ranks 1 to 4 for Security intelligence, Security visibility, Attack analysis, Security response]
  • 25. Q215: Please review the following aspects of security and rank them in terms of what concerns you the most. (Average Ranks)
      • Security intelligence, Security visibility, Attack analysis, Security response: 2.04, 2.50, 2.64, 2.82 (values in the order shown on the slide)
  • 26. Q216: Please rank these aspects in terms of your organization's ability to execute.
      [Stacked bar chart: distribution of ranks 1 to 4 for Security intelligence, Security visibility, Attack analysis, Security response]
  • 27. Q216: Please rank these aspects in terms of your organization's ability to execute. (Average Ranks)
      • Security intelligence, Security visibility, Attack analysis, Security response: 2.10, 2.44, 2.62, 2.83 (values in the order shown on the slide)
  • 28. Q217: When it comes to keeping up with the latest cyber-security vulnerabilities and threats, please rate how you are doing in the following areas:
      Scale: 1 - Extremely poor; 2 - Somewhat poor; 3 - Neither poor nor well; 4 - Somewhat well; 5 - Extremely well
      [Stacked bar chart: distribution of ratings 1 to 5 for Acquiring such intelligence in a timely fashion, The quality of intelligence you gather]
  • 29. Q217: When it comes to keeping up with the latest cyber-security vulnerabilities and threats, please rate how you are doing in the following areas. (Somewhat/Extremely well)
      • The quality of intelligence you gather: 68%
      • Acquiring such intelligence in a timely fashion: 65%
  • 30. Q217: When it comes to keeping up with the latest cyber-security vulnerabilities and threats, please rate how you are doing in the following areas. (Somewhat/Extremely poorly)
      • The quality of intelligence you gather: 6%
      • Acquiring such intelligence in a timely fashion: 10%
  • 31. Q218: When it comes to maintaining visibility into security across the entire company's infrastructure, please rate how you are doing in each of the following areas:
      Scale: 1 - Extremely poor; 2 - Somewhat poor; 3 - Neither poor nor well; 4 - Somewhat well; 5 - Extremely well
      [Stacked bar chart: distribution of ratings 1 to 5 for The quality of that visibility, Acquiring such visibility in a timely fashion, How comprehensive the visibility is]
  • 32. Q218: When it comes to maintaining visibility into security across the entire company's infrastructure, please rate how you are doing in each of the following areas. (Somewhat/Extremely well)
      • How comprehensive the visibility is: 65%
      • Acquiring such visibility in a timely fashion: 65%
      • The quality of that visibility: 66%
  • 33. Q218: When it comes to maintaining visibility into security across the entire company's infrastructure, please rate how you are doing in each of the following areas. (Somewhat/Extremely poorly)
      • How comprehensive the visibility is: 8%
      • Acquiring such visibility in a timely fashion: 8%
      • The quality of that visibility: 7%
  • 34. Q219: When it comes to your organization's ability to correlate and analyze security alerts across the enterprise, please rate how you are doing in each of the following areas:
      Scale: 1 - Extremely poor; 2 - Somewhat poor; 3 - Neither poor nor well; 4 - Somewhat well; 5 - Extremely well
      [Stacked bar chart: distribution of ratings 1 to 5 for The timeliness of correlation and analysis, The quality of the correlation and analysis]
  • 35. Q219: When it comes to your organization's ability to correlate and analyze security alerts across the enterprise, please rate how you are doing in each of the following areas. (Somewhat/Extremely well)
      • The quality of the correlation and analysis: 68%
      • The timeliness of correlation and analysis: 67%
  • 36. Q219: When it comes to your organization's ability to correlate and analyze security alerts across the enterprise, please rate how you are doing in each of the following areas. (Somewhat/Extremely poorly)
      • The quality of the correlation and analysis: 6%
      • The timeliness of correlation and analysis: 7%
  • 37. Q220: When it comes to your organization's ability to respond to security events, please rate how you are doing in each of the following areas:
      Scale: 1 - Extremely poor; 2 - Somewhat poor; 3 - Neither poor nor well; 4 - Somewhat well; 5 - Extremely well
      [Stacked bar chart: distribution of ratings 1 to 5 for Ability to respond in a timely fashion, The effectiveness of your response]
  • 38. Q220: When it comes to your organization's ability to respond to security events, please rate how you are doing in each of the following areas. (Somewhat/Extremely well)
      • The effectiveness of your response: 69%
      • Ability to respond in a timely fashion: 70%
  • 39. Q220: When it comes to your organization's ability to respond to security events, please rate how you are doing in each of the following areas. (Somewhat/Extremely poorly)
      • The effectiveness of your response: 6%
      • Ability to respond in a timely fashion: 7%
  • 40. Security Staffing
  • 41. Q221: How would you characterize your security staffing levels at the current time?
      • We are extremely overstaffed: 4%
      • We are somewhat overstaffed: 11%
      • We have just enough security staff: 41%
      • We are somewhat understaffed: 32%
      • We are extremely understaffed: 11%
  • 42. Q222: Overall, how would you rate the effectiveness of your IT security staff?
      • Completely effective: 10%
      • Mostly effective: 42%
      • Not as good as we would like, but not horrible: 24%
      • Somewhat ineffective: 15%
      • Completely ineffective: 10%
  • 43. Q223: What is keeping you from rating your security staffing as "completely effective?" Rank the following areas of cyber security staffing in terms of difficulty for your organization.
      [Stacked bar chart: distribution of ranks 1 to 6 for Recruiting, Retention, Skill sets, Experience, Staff retirement, Awareness]
  • 44. Q223: What is keeping you from rating your security staffing as "completely effective?" Rank the following areas of cyber security staffing in terms of difficulty for your organization. (Average Ranks)
      • Recruiting, Retention, Skill sets, Experience, Staff retirement, Awareness: 2.93, 3.18, 3.29, 3.56, 3.85, 4.19 (values in the order shown on the slide)
  • 45. Managed Security Service Providers
  • 46. Q224: What managed security service provider vendors are you considering using or do you currently use? (Mark all that apply.)
      • Other (Please specify): 5%
      • BT/Counterpane: 16%
      • We don't use a managed security service provider: 17%
      • Verizon Business: 24%
      • Dell/SecureWorks: 29%
      • AT&T: 30%
      • IBM/ISS: 39%
      • Symantec: 40%
  • 47. Q225: How much influence does your managed security service provider have over which security products your company purchases?
      • Complete influence: 13%
      • A moderate influence: 35%
      • Neutral: 28%
      • Very little influence: 14%
      • Absolutely no influence: 10%
  • 48. SIEM
  • 49. Q226: What Security Information and Event Management (SIEM) vendors do you currently use? (Mark all that apply.)
      • Other (Please specify): 1%
      • Q1 Labs: 16%
      • We don't use a SIEM: 19%
      • EMC/RSA (enVision): 22%
      • HP/ArcSight: 34%
      • Symantec: 55%
  • 50. Q227: How do the following challenges impact your ability to realize the full value of your Security Information and Event Management (SIEM) solution?
      Scale: 1 - Extreme impact; 2 - Moderate impact; 3 - Some impact; 4 - Slight impact; 5 - No impact whatsoever
      [Stacked bar chart: distribution of ratings 1 to 5 for Insufficient staff to set up; Trouble integrating latest information on new threats, vulnerabilities, etc.; Staff doesn't have enough time; Trouble maintaining SIEM rules to correlate/analyze alerts in real time; Insufficient staff to maintain; Trouble responding to incidents in timely/effective manner; Insufficient training to set up; Insufficient training to maintain]
  • 51. Q227: How do the following challenges impact your ability to realize the full value of your Security Information and Event Management (SIEM) solution? (Moderate/Extreme impact)
      • Insufficient training to maintain: 33%
      • Insufficient training to set up: 34%
      • Trouble responding to incidents in timely/effective manner: 34%
      • Insufficient staff to maintain: 34%
      • Trouble maintaining SIEM rules to correlate/analyze alerts in real time: 34%
      • Staff doesn't have enough time: 35%
      • Trouble integrating latest information on new threats, vulnerabilities, etc.: 36%
      • Insufficient staff to set up: 36%
  • 52. Q227: How do the following challenges impact your ability to realize the full value of your Security Information and Event Management (SIEM) solution? (Slight/No impact)
      • Insufficient training to maintain: 36%
      • Insufficient training to set up: 38%
      • Trouble responding to incidents in timely/effective manner: 37%
      • Insufficient staff to maintain: 38%
      • Trouble maintaining SIEM rules to correlate/analyze alerts in real time: 35%
      • Staff doesn't have enough time: 35%
      • Trouble integrating latest information on new threats, vulnerabilities, etc.: 35%
      • Insufficient staff to set up: 36%