Successfully reported this slideshow.

EMA Network Security Survey Findings (SEP 2016)

207 views

Published on

Enterprise Management Associates and Ixia conducted this survey of network security practices and concerns with 242 qualified network and security professionals. See my blog on where survey finds areas for improvement in 2017: http://tinyurl.com/zurb4wd.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

EMA Network Security Survey Findings (SEP 2016)

  1. 1. Ixia contracted Enterprise Management Associates (EMA), a market research firm in the technology space, to conduct professional, non-vendor biased research into the topic of network security practices and concerns. EMA recruited 242 qualified respondents employed as network and/or security professionals to survey during September 2016. The raw questions and responses are summarized here. Enterprise Management Associates Network Security Findings a survey conducted for Ixia January 5, 2017 For an interpretation of these results, as they relate to network security architecture, visit: https://www.ixiacom.com/company/blog/network-security-survey-finds-areas-improvement-2017. For more information about Ixia security solutions, visit: https://www.ixiacom.com/solutions/network-security.
  2. 2. EMA Network Security Survey Findings Slide 2 © 2016 Enterprise Management Associates, Inc. demo1: Which of the following best describes your role in the organization? 0% 7% 10% 5% 4% 1% 10% 3% 4% 9% 31% 16% 0% 0% 0% 0% 0% 0% 0% 0% 0% 0% 5% 10% 15% 20% 25% 30% 35% IT-related Administrator/Specialist IT-related Systems… IT-related Software Engineer/Developer Infrastructure Engineer (network/systems) IT-related Consultant/Integrator IT-related Architect IT/Security Operations Staff IT-related Business Analyst IT-related Project/Program Manager IT-related Manager/Supervisor (or equivalent) IT/Security Manager IT-related Director (or equivalent) IT-related Vice President (or equivalent) CIO/CTO (IT Executive Management) CISO/CSO/Chief Risk or Compliance Officer CEO/COO/CFO (Business Executive… Corporate/Line of Business Vice President… Corporate/Line of Business Director (or… Corporate/Line of Business… Corporate/Line of Business Staff Other Column % Sample Size = 242
  3. 3. EMA Network Security Survey Findings Slide 3 © 2016 Enterprise Management Associates, Inc. demo2: Which of the following best describes the department or functional area in which you work? 100% 0% 0% 20% 40% 60% 80% 100% 120% IT/IS/Network Other Column % Sample Size = 242
  4. 4. EMA Network Security Survey Findings Slide 4 © 2016 Enterprise Management Associates, Inc. demo3: You have indicated that your role and/or department is best described by IT/IS/Network. Within this area, which group do you belong to? 0% 27% 0% 0% 0% 0% 7% 7% 41% 2% 2% 5% 0% 7% 0% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Applications Development IT Operations Planning/Design IT Financial Management IT Architecture Business Analysis Project/Program Management Operations - Network Operations Center… Operations - Data Center Security Service Desk, Service Support, Help Desk Cross-Domain Service Delivery Organization Cross-Domain Support Organization for IT Executive IT Management Network Engineering/Planning Other Column % Sample Size = 242
  5. 5. EMA Network Security Survey Findings Slide 5 © 2016 Enterprise Management Associates, Inc. qual1: Does your organization use network visibility controllers (NVCs) to stream packets to network and security monitoring tools? 79% 21% 0% 0% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Yes, we currently use NVCs Not currently, but we plan to deploy NVCs within the next 12 months No, we have no plans to deploy NVCs within the next 12 months Do not know Column % Sample Size = 242
  6. 6. EMA Network Security Survey Findings Slide 6 © 2016 Enterprise Management Associates, Inc. qual2mr: At which stages are you involved with your organization's use of network visibility controllers (NVCs)? 59% 43% 55% 57% 64% 0% 0% 10% 20% 30% 40% 50% 60% 70% Research and evaluate NVCs Procure NVCs Plan/deploy NVCs and/or the packet-based tools connected to them Manage and maintain NVCs Use network and security monitoring tools connected to NVCs None of the above % Valid Cases (Mentions / Valid Cases) Sample Size = 242, Valid Cases = 242, Total Mentions = 672
  7. 7. EMA Network Security Survey Findings Slide 7 © 2016 Enterprise Management Associates, Inc. demo4: How many employees are in your company worldwide? 0% 13% 23% 20% 12% 16% 6% 10% 0% 5% 10% 15% 20% 25% Fewer than 250 250 - 499 500 - 999 1,000 - 2,499 2,500 - 4,999 5,000 - 9,999 10,000 - 19,999 20,000 or more Column % Sample Size = 242
  8. 8. EMA Network Security Survey Findings Slide 8 © 2016 Enterprise Management Associates, Inc. demo5: Which of the following best describes your company's primary industry? 2% 3% 2% 7% 9% 2% 8% 15% 0% 14% 1% 1% 2% 7% 0% 0% 0% 0% 7% 2% 9% 2% 1% 2% 2% 0% 2% 4% 6% 8% 10% 12% 14% 16% Aerospace/Defense Consulting - Computer or Networking Related Consulting - All Other (Not Computer or… Education Finance/Banking/Insurance Government Healthcare/Medical/Pharmaceutical High Technology - Software High Technology - Reseller/VAR/Systems… High Technology -… Hospitality/Entertainment/Recreation/Travel Legal Manufacturing - Computer Hardware or… Manufacturing - All Other (Not Computer… Marketing/Advertising/PR Agency/Market… Media/Publishing/Broadcasting Non-Profit/Not for Profit Oil/Gas/Chemicals Professional Services - Computer or… Professional Services - All Other (Not… Retail/Wholesale/Distribution Telecommunications Transportation/Airlines/Trucking/Rail Utilities/Energy Other Column % Sample Size = 242
  9. 9. EMA Network Security Survey Findings Slide 9 © 2016 Enterprise Management Associates, Inc. demo6: In which region is your corporate headquarters located? 100% 0% 0% 0% 0% 0% 20% 40% 60% 80% 100% 120% North America Central and South America (Latin America) Europe-Middle East-Africa (EMEA) Asia-Pacific (APAC) Rest of World Column % Sample Size = 242
  10. 10. EMA Network Security Survey Findings Slide 10 © 2016 Enterprise Management Associates, Inc. demo7: In which region are you located? 96% 2% 1% 0% 0% 0% 20% 40% 60% 80% 100% 120% North America Central and South America (Latin America) Europe-Middle East-Africa (EMEA) Asia-Pacific (APAC) Rest of World Column % Sample Size = 242
  11. 11. EMA Network Security Survey Findings Slide 11 © 2016 Enterprise Management Associates, Inc. demo8: What is your organizations annual sales revenue (in US dollars)? 0% 0% 16% 31% 28% 20% 2% 2% 0% 5% 10% 15% 20% 25% 30% 35% Less than $1 million $1 million to less than $5 million $5 million to less than $20 million $20 million to less than $100 million $100 million to less than $1 billion $1 billion or more Not applicable, I work for a government or non-profit agency Do not know Column % Sample Size = 242
  12. 12. EMA Network Security Survey Findings Slide 12 © 2016 Enterprise Management Associates, Inc. demo9: What is your organizations annual IT budget (in US dollars)? 1% 11% 17% 25% 14% 15% 7% 7% 2% 0% 5% 10% 15% 20% 25% 30% Less than $350,000 $350,000 to less than $1 million $1 million to less than $5 million $5 million to less than $10 million $10 million to less than $25 million $25 million to less than $50 million $50 million to less than $100 million $100 million or more Do not know Column % Sample Size = 242
  13. 13. EMA Network Security Survey Findings Slide 13 © 2016 Enterprise Management Associates, Inc. demo10: What was the percent increase or decrease of your organization's annual IT budget from last year to this year? 2% 6% 14% 36% 24% 14% 1% 1% 0% 0% 0% 1% 0% 5% 10% 15% 20% 25% 30% 35% 40% Increased more than 75% Increased between 50% and 75% Increased between 25% and 50% Increased between 10% and 25% Increased less than 10% Stayed the same Decreased less than 10% Decreased between 10% and 25% Decreased between 25% and 50% Decreased between 50% and 75% Decreased more than 75% Do not know Column % Sample Size = 242
  14. 14. EMA Network Security Survey Findings Slide 14 © 2016 Enterprise Management Associates, Inc. inline1: Inline Monitoring Questions Which of the following best describes your current deployment of real-time inspection of live network traffic? 33% 40% 16% 8% 3% 0% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% We deploy tools inline behind an external bypass switch We deploy tools inline using the tool's internal bypass function We deploy tools inline without a bypass We are unsure or undecided about deploying tools inline We have no plans to deploy tools inline Do not know Column % Sample Size = 242
  15. 15. EMA Network Security Survey Findings Slide 15 © 2016 Enterprise Management Associates, Inc. inline2mr: You indicated that you have not yet deployed inline security monitoring tools. What has prevented you from deploying inline security monitoring tools? 15% 23% 23% 19% 12% 23% 23% 4% 27% 0% 0% 5% 10% 15% 20% 25% 30% Inline tool failure could result in network outage Overloaded tools could drop packets Tools introduce latency Too many false positives Too expensive Challenges of moving tools out of band No cost-effective way to deploy tool with N+1 redundancy Can't afford scheduled downtime for installation Introduces too much network complexity Other % Valid Cases (Mentions / Valid Cases) Sample Size = 26, Valid Cases = 26, Total Mentions = 44
  16. 16. EMA Network Security Survey Findings Slide 16 © 2016 Enterprise Management Associates, Inc. inline3mr: Aside from a stateful (Layer 4) firewall, what other inline security tools are deployed on your network? 38% 44% 46% 40% 36% 68% 29% 14% 54% 56% 0% 0% 0% 0% 10% 20% 30% 40% 50% 60% 70% 80% Next-generation firewall (Layer 7 inspection) Intrusion prevention system (IPS) Web application firewall Security intelligence event management… Antimalware Antivirus Integrated threat intelligence feed Honey pot Data loss prevention (DLP) SSL decryption Other None Do not know % Valid Cases (Mentions / Valid Cases) Sample Size = 216, Valid Cases = 216, Total Mentions = 921
  17. 17. EMA Network Security Survey Findings Slide 17 © 2016 Enterprise Management Associates, Inc. inline4: Approximately how many of your inline security monitoring tools are connected to a network visibility controller (NVC)? 3% 5% 12% 15% 9% 16% 11% 8% 10% 3% 4% 3% 0% 2% 4% 6% 8% 10% 12% 14% 16% 18% Less than 10% 10% to 19% 20% to 29% 30% to 39% 40% to 49% 50% to 59% 60% to 69% 70% to 79% 80% to 89% 90% to 99% 1 Do not know Column % Sample Size = 242
  18. 18. EMA Network Security Survey Findings Slide 18 © 2016 Enterprise Management Associates, Inc. outband1mr: Out-of-Band Monitoring Questions Which kinds of out-of-band tools (i.e., connected to TAPs, SPANs, and NVCs) are most important to you? 31% 47% 55% 20% 50% 29% 20% 14% 0% 0% 0% 10% 20% 30% 40% 50% 60% Troubleshooting/packet analyzers (e.g., packet "sniffers" or other analyzers) Intrusion detection/prevention Data loss prevention Application performance monitor Network performance monitor Data/packet recorder Compliance monitor VoIP/unified communications/video analyzers Other Do not know % Valid Cases (Mentions / Valid Cases) Sample Size = 242, Valid Cases = 242, Total Mentions = 646
  19. 19. EMA Network Security Survey Findings Slide 19 © 2016 Enterprise Management Associates, Inc. outband2: What percent of SPANs versus TAPs does your organization use for mirroring data to network visibility controllers and monitoring tools? 3% 11% 34% 27% 16% 5% 1% 4% 0% 5% 10% 15% 20% 25% 30% 35% 40% 100% TAPs 76% to 99% TAPs 51% to 75% TAPs 50% TAPs and 50% SPANs 51% to 75% SPANs 75% to 99% SPANs 100% SPANs Do not know Column % Sample Size = 242
  20. 20. EMA Network Security Survey Findings Slide 20 © 2016 Enterprise Management Associates, Inc. outband3: What percentage of segments on your network are currently monitored by network and security monitoring tools? 2% 12% 31% 23% 19% 10% 2% 0% 5% 10% 15% 20% 25% 30% 35% 1% to 20% 21% to 40% 41% to 60% 61% to 80% 81% to 99% 1 Do not know Column % Sample Size = 242
  21. 21. EMA Network Security Survey Findings Slide 21 © 2016 Enterprise Management Associates, Inc. outband3mr: Why doesn't your organization monitor 100% of its network segments? 35% 26% 13% 23% 24% 40% 2% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% Shortage of SPANs and TAPs Not enough monitoring tools Can't afford additional tools Staff can't keep up Tools don't provide the right capabilities Current coverage is sufficient Other % Valid Cases (Mentions / Valid Cases) Sample Size = 211, Valid Cases = 211, Total Mentions = 345
  22. 22. EMA Network Security Survey Findings Slide 22 © 2016 Enterprise Management Associates, Inc. outband4: How would you characterize the success of your organization's use of command-line interface (CLI) for configuring and administering traffic filters in your network visibility controllers? 23% 50% 23% 3% 0% 0% 0% 10% 20% 30% 40% 50% 60% No problems. We've got it under control. Not bad. We get by pretty well with the occasional hiccup. Somewhat difficult. We have a couple of experts on staff but it's a struggle. Much too difficult. Our staff can't do it. We don't use CLI. Other Column % Sample Size = 242
  23. 23. EMA Network Security Survey Findings Slide 23 © 2016 Enterprise Management Associates, Inc. outband5: Which of the following best describes the CPU utilization for all of your organization's packet-based security and monitoring tools (when considered as a whole)?6% 26% 38% 21% 6% 0% 2% 0% 5% 10% 15% 20% 25% 30% 35% 40% Less than 25% of capacity used 25% to 50% of capacity used 51% to 75% of capacity used 76% to 99% of capacity used 100% of capacity used Capacity is overloaded Do not know Column % Sample Size = 242
  24. 24. EMA Network Security Survey Findings Slide 24 © 2016 Enterprise Management Associates, Inc. outband7: Which of the following best describes your organization's approach to monitoring 40 Gbps links? 31% 26% 28% 10% 5% 1% 0% 5% 10% 15% 20% 25% 30% 35% Our tools fully support 40 Gbps line rate monitoring. We monitor 40 Gbps traffic directly with 10 Gbps tools despite the risk of overload. We load balance or filter 40 Gbps traffic flows so that we can monitor them sufficiently with 10 Gbps tools. We do not monitor 40 Gbps links because we lack 40 Gbps tools. Not applicable - we don't have 40 Gbps links on our network. Do not know Column % Sample Size = 242
  25. 25. EMA Network Security Survey Findings Slide 25 © 2016 Enterprise Management Associates, Inc. outband8: How many times per month do you change the location from which you mirror network traffic to your packet-based monitoring tools? 14% 8% 24% 19% 21% 6% 3% 4% 0% 5% 10% 15% 20% 25% 30% Never 1 2 3 4 - 5 6 - 10 More than 10 Do not know Column % Sample Size = 242
  26. 26. EMA Network Security Survey Findings Slide 26 © 2016 Enterprise Management Associates, Inc. outband11: How important is it that your packet-based monitoring tools receive all the packets they need? 78% 22% 0% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Very important Somewhat important Not important Column % Sample Size = 242
  27. 27. EMA Network Security Survey Findings Slide 27 © 2016 Enterprise Management Associates, Inc. outband12: How confident are you that your out-of-band packet-based monitoring tools receive all the data they need for adequate visibility into your network? 22% 48% 26% 2% 1% 0% 0% 0% 10% 20% 30% 40% 50% 60% Extremely confident Confident Somewhat confident Neither confident nor unconfident Somewhat unconfident Unconfident Extremely unconfident Column % Sample Size = 242
  28. 28. EMA Network Security Survey Findings Slide 28 © 2016 Enterprise Management Associates, Inc. outband13mr: What are the most important benefits that your organization has experienced through its use of network visibility controllers? 17% 16% 21% 15% 47% 27% 22% 40% 13% 22% 19% 0% 0% 10% 20% 30% 40% 50% Mean time to problem diagnosis reduced Mean time to problem resolution reduced Useful life of tools extended New service delivery accelerated IT productivity improved High availability achieved Collaboration within IT improved Security incidents and breaches reduced Service level agreement (SLA) performance… Customer satisfaction improved Network upgrades/expansions… Other % Valid Cases (Mentions / Valid Cases) Sample Size = 242, Valid Cases = 242, Total Mentions = 629
  29. 29. EMA Network Security Survey Findings Slide 29 © 2016 Enterprise Management Associates, Inc. outband14c1: In the average work week, what percent of your time is spent on the following tasks? / Researching and responding to security incidents 4% 12% 22% 36% 23% 3% 0% 5% 10% 15% 20% 25% 30% 35% 40% 1 75% to 99% 50% to 74% 25% to 49% 1% to 24% 0% (not my role) Column % Sample Size = 242
  30. 30. EMA Network Security Survey Findings Slide 30 © 2016 Enterprise Management Associates, Inc. outband14c2: In the average work week, what percent of your time is spent on the following tasks? / Responding to network/application performance problems 3% 12% 26% 32% 25% 2% 0% 5% 10% 15% 20% 25% 30% 35% 1 75% to 99% 50% to 74% 25% to 49% 1% to 24% 0% (not my role) Column % Sample Size = 242
  31. 31. EMA Network Security Survey Findings Slide 31 © 2016 Enterprise Management Associates, Inc. outband14c3: In the average work week, what percent of your time is spent on the following tasks? / Configuring monitoring tools 6% 13% 20% 28% 27% 6% 0% 5% 10% 15% 20% 25% 30% 1 75% to 99% 50% to 74% 25% to 49% 1% to 24% 0% (not my role) Column % Sample Size = 242
  32. 32. EMA Network Security Survey Findings Slide 32 © 2016 Enterprise Management Associates, Inc. outband15mr: Which packet manipulation features on a network visibility controller are the most important to your organization? 19% 21% 29% 33% 22% 11% 17% 11% 11% 7% 16% 17% 25% 17% 11% 0% 5% 10% 15% 20% 25% 30% 35% Load balancing across multiple tools Media conversion (e.g., 40 Gbps to 10 Gbps) Data filtering SSL decryption Data masking Deduplication Time stamping Tunneling Port tagging Header stripping (de-encapsulation) Packet slicing Ultra-low latency High availability through full synchronization Deep packet inspection User-defined filtering % Valid Cases (Mentions / Valid Cases) Sample Size = 242, Valid Cases = 242, Total Mentions = 644

×