The top challenges to expect in network security in 2019 survey report

The Bricata team conducted a survey to ask cybersecurity professionals about the challenges and opportunities they face in network security.



  1. The Top Challenges in Network Security for 2019
     A survey of security professionals identifies network security opportunities, risks and benchmarks
     CC BY-SA 4.0 by Bricata
  2. Executive Summary
     • Network security is growing more difficult. 64% of respondents say network security is harder this year than last, for a range of reasons. This includes the sophistication of threats, but also the proliferation of IT infrastructure and the complexity of environments, given the changes stemming from cloud, IoT and BYOD, among others.
     • Insider threats and IT infrastructure complexity are the top challenges. While insider threats (44%) and IT infrastructure (42%) topped the list of network security challenges, no single topic drew a simple majority. Lack of leadership support, security technology interoperability, shadow IT, BYOD and the deluge of security alerts were among the top 10.
     • Too many tools that don’t talk to each other. Most organizations use between 1 and 10 tools for network security. About one-third of respondents said these tools were not integrated, while another 28% said these tools were only somewhat integrated. No respondent indicated the tools in their environment were completely integrated.
     • Network security faces a deluge of alerts and can’t investigate them all. About a quarter (26%) of respondents say their organization receives 1,000 or more security alerts per day. More importantly, the vast majority (84%) say these require 5 or more minutes each to triage. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.” Some admit they just can’t review all alerts.
     • Threat hunting poised for growth. While just about one-third (32%) say they are doing threat hunting today, a majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next 12 months.
     • Key network security areas to focus on in the next year. Security analytics, security integration and behavioral analysis were the top three areas respondents said security organizations should focus on over the next year. Interestingly, collaboration outranked machine learning and AI as a recommended area of focus.
     • Security has a stronger relationship with the business than it does with DevOps. Some 34% of respondents said the relationship between security and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between security and the business is strong, while 22% said it isn’t.
  3. 64% say securing the network is harder or much harder this year than last.
  4. Network security is growing more difficult
     Most respondents (64%) say network security is harder this year than last, while about one-third (32%) say it’s neither harder nor easier. When asked why in an open-ended question, respondents attributed the challenges to several causes:
     • “Increasing array of threats and threat vectors, as more and more computer systems proliferate throughout offices.”
     • “Playing catch up because security wasn't a priority with this company until recently.”
     • “Increase in threats from third-party networks and IoT devices.”
     • “Doesn't feel like training and education is keeping pace for defenders with what attackers are capable of doing.”
     • “Hackers are using more complex and comprehensive tools and internal users seemingly are less aware of what they do to reduce protection.”
     • “More things keep getting added to the network, with more vulnerabilities.”
     • “Acquisitions have made it more challenging. Supporting both AWS and Azure are also testing our support limits as development rushes into this space headlong.”
     • “My responsibilities moved from a traditional hardware stack to AWS. Networking in AWS is a whole new ballgame to learn.”
     • “More deep hackings into previously thought solid safe spaces.”
     • “Ransomware variants are growing and threats are evolving.”
  6. Network security faces a broad array of challenges
     The weakest point in network security may well rest between the keyboard and chair. Some 44% of respondents named insider threats as the single biggest threat in network security. In our assessment, “insider threats” are not necessarily malicious and likely include accidental incidents set off by well-intended users inside the network. The top 10 challenges included:
     1) Insider threats – 44%
     2) IT infrastructure complexity – 42%
     3) Absence of leader support – 40%
     4) Lack of tool interoperability – 37%
     5) Shadow IT – 31%
     6) Weak controls for provided access – 29%
     7) Cloud visibility – 28%
     8) BYOD – 26%
     9) Too many alerts – 22%
     10) Too many tools – 18%
     Those that selected “other” challenges to this question wrote in to say understaffing, limited budgets and time constraints were key challenges in their organization. It’s important to note that no single challenge drew a majority of responses. This underscores the diversity of problems facing network security, which vary by industry, IT environment and perhaps organizational culture. It reinforces the notion that there isn’t a single solution that will solve every security problem.
  7. 73% have between 1 and 10 tools for network security; 22% use between 11 and 20 tools for network security.
  8. Most organizations use 1-10 tools for network security
     The majority of respondents (73%) said their organization uses between 1 and 10 tools for network security. About one-fifth (22%) said they use between 11 and 20 tools. While this particular question is exclusively focused on network security, the responses align well with other surveys we’ve observed. For example, a 2017 survey found roughly 70% of enterprises use between 10 and 50 tools across all sectors of cybersecurity, including the network. Respondents noted tools alone aren’t the answer. Security technologies must be well planned, implemented properly, and adequately resourced with thoroughly trained security professionals. We will see this more clearly in the next question.
  10. Security tools do not play well with each other
     This question brings granularity to the lack of interoperability among security tools. About one-third of respondents (32%) said tools in their organization simply do not share data. Another 28% said these tools were only somewhat integrated. When asked why in an open-ended question, respondents said the following:
     • “Tools are purchased without ever sending employees to training or bringing hands-on experience from the vendor to assist in integration. We just buy things and cross our fingers that it was a good investment. New leadership, new year, it is getting better.”
     • “Different vendor tools that don't communicate to one another.”
     • “Lack of standards for interoperability.”
     • “Varies by the 'brilliance' of the product.”
     • “They don't talk to each other. They do talk to the SIEM but that is not enough.”
     • “I inherited a hodge-podge of non-implemented or half-implemented projects.”
     • “Different solutions have a greater probability of catching issues that the other may not.”
     We believe the problem has reached a critical mass and, as a result, security integration will be added to the list of requirements in the security acquisition process. Enterprises will start demanding that new cybersecurity tools adhere to open standards and open APIs and readily allow the security operations center (SOC) to share data as they deem fit.
  11. 26% say their organization receives 1,000 or more security alerts per day.
  12. 84% say their organization requires 5 or more minutes to triage a security alert.
  13. 82% say their organization spends too much time triaging alerts at least some of the time.
  14. Security cannot investigate every alert
     Most organizations get a deluge of alerts. A little more than one-third (35%) of respondents say their organization gets 100 or fewer alerts per day. About one-quarter (26%) of respondents put that number at more than 1,000, with 10% of those seeing more than 10,000 alerts. All remaining respondents fell somewhere between 100 and 1,000 daily alerts.
     These alerts require time to investigate. The vast majority (84%) say it takes five or more minutes to effectively triage an alert. This means an organization with 1,000 alerts – a modest example in this survey – would have to triage 12 alerts per hour, for nearly 3.5 days without pausing, to get through all of them. The problem is compounded by the fact that more alerts pour in all the time and some require more time to vet properly. For example, 58% of respondents said alerts take double that time – 11 or more minutes – to triage. The vast majority (82%) say their organization spends too much time investigating alerts at least some of the time.
     Much of this is caused by a poor signal-to-noise ratio. Many alerts are false positives, which overwhelms the resources security teams have at hand. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.” Some respondents candidly admitted they simply don’t investigate every alert, which risks a sophisticated threat slipping by in plain sight. It’s clear a better means of prioritizing and triaging alerts is needed.
  16. 61% think threat hunting will be more important over the next year.
  17. Threat hunting poised for growth
     Threat hunting grew out of the notion that sophisticated threat actors understand how traditional detection technologies work – and evade detection. Even newer tools that tap artificial intelligence and machine learning aren’t perfect, because these technologies focus on finding variations of known threats. If the threat is new or the technique is novel, there isn’t a variation to be detected. As a result, threat hunting is becoming one of the hottest trends in cybersecurity today. While just about one-third (32%) say they are doing threat hunting today, that doubles when asked about the future. A majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next year or so. The findings are generally in line with another study focused on threat hunting conducted earlier this year.
  18. [Chart of percentages; bar labels not recoverable from the extracted text: 83%, 89%, 78%, 77%, 72%, 71%, 48%, 21%]
  19. Areas where security should focus
     Where should security organizations focus their future efforts? On a weighted average based on a five-point scale (which takes into account those that think the concept is less or much less important), the answers stack up like this:
     1) Security analytics (4.20)
     2) Security integration (4.12)
     3) Behavioral analysis (4.07)
     4) Collaboration (4.00)
     5) Machine learning / AI (3.97)
     6) Threat hunting (3.88)
     7) Signature detection (3.33)
     Some observations include:
     • Security integration is liable to become a must-have requirement in procurement;
     • Behavioral analysis is rising because it’s harder to hide abnormal behavior on the network;
     • It’s interesting to see that collaboration tops machine learning and AI – human collaboration still matters; and
     • Signature detection will find 80% of the known malware, but a layered security posture with interwoven advanced capabilities is necessary for identifying sophisticated threats.
  20. 34% say the relationship cybersecurity has with DevOps is strong; 27% say the relationship cybersecurity has with DevOps is NOT strong.
  21. 51% say the relationship cybersecurity has with the business is strong; 22% say the relationship cybersecurity has with the business is NOT strong.
  22. Stronger relationship with the business than DevOps
     Security seems to have a stronger relationship with the business than with DevOps. Some 34% of respondents said the relationship between cybersecurity and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between cybersecurity and the business is strong, while 22% said it isn’t. On some level this makes sense: cybersecurity serves the business, while it often finds itself at odds with the change management processes DevOps champions. A newly revealed exploit will exist in a production environment, and the risks associated with changing the production environment are precisely why the change process is intentionally slow and methodical. Still, it’s surprising, because conventional wisdom says both sides have similar goals and speak the same language. The pace and innovation of threats in the modern cybersecurity landscape have thrust this relationship into focus.
  23. Security professionals in their own words
     This survey asked one final open-ended question – What is one thing you wish the business would understand about cybersecurity? – and it received 46 responses. A representative sample follows:
     • “What you get in results, will rarely be outdone by what you give; but what you get, can and almost always does, outweigh what you give.”
     • “Security culture is extremely important since people are the weakest link in the security chain.”
     • “It is a continuous process that must encompass every operating, development and planning activity within an institution.”
     • “That DevOps needs to communicate more clearly and ask security for help, DevOps should not be making security decisions.”
     • “It's easier with a lower TCO if done correctly up front than it is to try to fix problems after something has been deployed.”
     • “How much damage one human being can accidentally do through negligence.”
     • “Cybersecurity is a strategic investment.”
     • “It is everyone's business and responsibility.”
     • “It takes money to protect the enterprise, and the IT department requires an adequate budget to implement.”
     • “[Security] is complex and does not scale easily; it requires budget and FTEs.”
     • “An understanding of the resources required in order to achieve a rapid response could be improved.”
     A word cloud of all responses follows on the next page.
  24. [Word cloud of all responses to the final open-ended question]
  25. Survey demographics and methodology
  26. 52% of respondents have 10 or more years of experience.
  27. Industries represented included retail, consulting, HR and tourism.
  29. Survey methodology
     This survey was conducted online from November 1, 2018, until November 30, 2018. Survey respondents were solicited by email distributed through two third-party organizations with well-established cybersecurity subscribers. Sixty-eight mostly senior respondents, with more than 10 years of experience, completed the survey. Respondents hailed from a wide distribution of industries. Respondents were most widely represented by the technology (29%) and financial (22%) vertical markets, though many also came from government, education, healthcare and non-profit organizations. Respondents were incentivized with a chance to win one of three $50 gift cards.
  30. Recommended resources
     • Here’s What Network Threat Hunting Means, Why It Matters, and How to Get Started [blog]
     • 7 Simple but Effective Threat Hunting Tips from a Veteran Threat Hunter [blog]
     • Layers of Cybersecurity: Signature Detection vs. Network Behavioral Analysis [blog]
     • 7 Security Trends Shaping Intrusion Detection Technology [blog]
     • Snort, Suricata and Bro: 3 Open Source Technologies for Securing Modern Networks [blog]
     • Introduction to Network Threat Hunting [webinar]
     • Threat Hunting: Finding Hidden & Undetected Network Threats [webinar]
     Connect with Bricata on Twitter, LinkedIn or Facebook.
  31. About Bricata, Inc.
     Bricata is the leader in comprehensive network protection. The Bricata flagship solution provides unparalleled network visibility, full-spectrum threat detection, true threat hunting, and threat resolution capabilities in an intuitive, tightly-integrated and self-managing system. Its automated detection, productive GUIs, and expert system workflows make it easy to use for novices, while granular control of its engines, access to rich network metadata and PCAPs, and true threat hunting capabilities give experts the power and control they demand. Bricata has been proven to speed incident resolution by eight times by reliably detecting threats and providing the context necessary to get to the truth quickly and act. For more information visit www.bricata.com.