EMA Megatrends in Cyber-Security

IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
David Monahan
Managing Research Director
Enterprise Management Associates
EMA Megatrends in
Cyber-Security

INDUSTRY ANALYSIS & CONSULTING2 © 2019 Enterprise Management Associates
Watch the On-Demand Webinar
• EMA Megatrends in Cyber-Security On-Demand
webinar is available here:
https://ema.wistia.com/medias/flzv8oangz
• Check out upcoming webinars from EMA here:
http://www.enterprisemanagement.com/freeResearch

INDUSTRY ANALYSIS & CONSULTING3 © 2019 Enterprise Management Associates, Inc.
Today’s Speaker
David Monahan, Managing Research Director, Security and
Risk Management, EMA
David is a senior information security executive with several years
of experience. He has organized and managed both physical and
information security programs, including security and network
operations (SOCs and NOCs) for organizations ranging from
Fortune 100 companies to local government and small public and
private companies. He has diverse audit, compliance, risk, and
privacy experience, such as providing strategic and tactical
leadership to develop, architect, and deploy assurance controls,
delivering process and policy documentation and training, and
working on educational and technical solutions.

Sponsors

Demographics
• 250 respondents
• Focused on North America
• 46% Director and above
• Org Sizes:
• 19% SMB, 48% Midsized, 33% Enterprise/18% VLE
• Top 5 industries:
• High-Tech, MSSP, Finance/Banking/Insurance, Manufacturing,
Infrastructure/Utilities/Shipping
• 58% of revenues fall between $20M and $1B USD
• 13% below and 27% above
• 50% of IT budgets fall between $5M and $50M USD
• 17% below and 32% above
• Average IT budget increase, between 10% and 25%
• No decreases identified

Ratio of company dollars spent on managed
security services compared to total spend on
security
2%
10%
16%
22%
37%
11%
2%
33%
Greater than 90%
Greater than 75% but not more than 90%
Up to 25%
We have none, but we are investigating
We have none, and are not interested in investigating
Average MSSP budget consumption

Security Initiatives

Top five expanding security initiatives driving
current priorities in the overall security program
65%
62%
60%
60%
59%
Improving security monitoring of cloud
environments
Improving endpoint protection capabilities
Improving security analytics capabilities
Improving security visibility and context within
the environment
ITOps and DevOps integrations

Cloud in Security

Security’s role in public cloud initiatives
Leading roll in all,
58%
Contributing role in all,
32%
Leading role in some,
4%
Contributing role in some, 6%

Organizations currently using cloud to support
SecOps and/or ITOps workloads or functions
98%
2%
Yes
No

Many cloud consumers [errantly] believe the
cloud providers are responsible for security
53%
21%
15%
All or majority provider-owned
Shared equally
All or majority customer-owned

Top three security challenges in public cloud
1. Security visibility within the cloud infrastructure due to provider limitations
2. Inability to meet compliance needs
3. Security visibility within the cloud infrastructure due to architectural
limitations

MSSP Adoption and Success

Top three drivers for engaging an MSSP
55%
50%
38%
MSSP does it better regardless of in-house
skills or cost
MSSP provides lower TCO than in-house
MSSP delivers better ROI/Value

Top three reasons why customers engage
MSSP services over using internal SecOps
22%
21%
16%
Reduce CapEx or OpEx
Focus on increased innovation within IT
Reduced downtime

MSSP success levels vs. internal teams
51%
44%
4%
0%
0%
42%
52%
5%
0%
0%
Successful
Somewhat successful
Neither successful nor unsuccessful
Somewhat unsuccessful
Unsuccessful
MSSP Internal

Internal SecOps

Alert Fatigue
227
224
Average # of total alerts
Average # of critical alerts

Inter-team handoff frustrations(cont’d)
68%
60%
42%
32%
32%
27%
Inability to share data
Inability to collect source data
Inadequate storage to maintain data
Internal politics
Conflicts over data ownership
Poor processes
76% of teams suffer from handoff frustrations

Too many security consoles
65%
34%
1%
1%
Actively trying to consolidate tools
wherever possible
Consolidating tools where possible when
renewals come due
Not activelytrying to consolidate
Don't know
10%
22%
Average # of security interfaces in
enterprises
(5K and greater employees)
Largest numbers of interfaces
(Commonly reported)

Monitoring features providing the most value to
SecOps
50%
44%
42%
37%
32%
Automated event correlation and
enrichment of security alerts
Enhanced alert/alarm management
Automated notifications/escalations
Automated change management
Automated trouble ticket generation
and data gathering for analysis

Analytics

Top three use cases for security analytics
55%
46%
41%
Security process automation
Predictive security analytics
Security simulation

Top three operational impediments for security
analytics
47%
41%
36%
Security data for analysis is
straining storage capacity
Internal skills or knowledge gaps
Process and political issues in
sharing data effectively among
relevant stakeholders

IoT Initiatives and Threats

Organizations working on IoT initiatives
66%
18%
16%
Yes
No, and none planned
No, but we are in the planning phase

Perceived threat levels imposed by managed
and unmanaged IoT devices in the environment
75%
10%
12%
2%
61%
24%
10%
5%
High
Moderate
Low
None
Managed Unmanaged

Attacks by IoT devices
27%
22%
20%
6%
25%
My organization was attacked using an external
IoT device
My organization was attacked using an internal
IoT device
An internal IoT device was detected as part of
an external attack
An internal IoT device was detected as part of
an internal attack
None of the above

Endpoint Security

Infection rates by malware class
38%
37%
31%
15%
27%
ATA
APT
Ransomware
Other destructive malware
None that I am aware of

Endpoint incidents that bypassed endpoint
security, causing severe damage
77%
65%
39%
19%
ATA
APT
Ransomware

Endpoint attacks bypassing current endpoint
solutions that required six or more hours to
resolve
48%
52%
26%
16%
ATA
APT
Ransomware

Other Trends

Frequency of sensitive data leakage from
sharing and collaboration
27%
19%
24%
21%
8%
Very often
Often
Sometimes
Rarely
I am not aware of any data leakage

DDoS attacks on organizations
29%
24%
25%
22%
Yes, we experienced an attack in the past 6
months
Yes, we experienced an attack in the past 12
months
Yes, but not in the last 12 months
No, we have never experienced a DDoS

Risk of damage from a DDoS now compared to
one year ago
62%
22%
16%
Increasing
Neither increasing nor decreasing
Significantly decreasing

Perspectives on AI, ML, and Deep Learning
36%
49%
11%
4%
AI has become a buzzword.
I do not believe AI is commercially available.
I believe AI is distinguishable from ML and DL
and is offered in some solutions.
I believe AI is distinguishable from ML and DL
and is offered in numerous solutions.
I have no real idea or means of making that
distinction.

Questions
Get the report:
http://bit.ly/2H7LSQX

EMA Megatrends in Cyber-Security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to EMA Megatrends in Cyber-Security

Similar to EMA Megatrends in Cyber-Security (20)

More from Enterprise Management Associates

More from Enterprise Management Associates (20)

Recently uploaded

Recently uploaded (20)

EMA Megatrends in Cyber-Security