© 2017 by The Enterprise Strategy Group, Inc. All Rights Reserved.
Understanding the State of Network Security Today
By Dan Conde, ESG Analyst
January 2017
This ESG Research Insights Paper was commissioned by Gigamon
and is distributed under license from ESG.
Enterprise Strategy Group | Getting to the bigger truth.™
Network Security Trends
Research Insights Paper
Contents
Executive Summary
  Research Methodology and Goals
  Research Highlights
Research Findings
  Current State of Network and Security Operations
  Challenges of Network and Security Operations
Next Steps
  Can More Tools Help?
  Can Organizational Changes Help?
  Can a Different Architectural Approach Help?
The Bigger Truth
Executive Summary
Research Methodology and Goals
In the second half of 2016, Gigamon commissioned the Enterprise Strategy Group (ESG) to conduct a survey of 300 IT and
cybersecurity professionals. Respondents to the survey all had responsibility and involvement in the planning,
implementation, and/or operations of their organization’s security policies, processes, and technical safeguards.
Participants also had purchase decision-making authority or influence for network security products and services.
Survey respondents were located in North America and Western Europe. Multiple organization sizes were represented in
the respondent base: 25% of respondents worked at organizations with 100-499 employees, 34% at organizations with
500-999 employees, and 41% at organizations with 1,000-4,999 employees. The survey included representation from many
industries including manufacturing (22%), retail/wholesale (11%), financial services (16%), business services (8%), health
care (5%), and communications and media (4%).
This research project was undertaken to evaluate the challenges, changes, best practices, and solution requirements for
network security operations and network security tools. Respondents were questioned about organizational characteristics
including staffing, coordination, and time to evaluate new technology. Respondents were also asked about technology
considerations such as the use of automated models compared with manual processes, types of network visibility tools in
use, use of security monitoring functions, and current and planned reliance on third-party services for network security.
Research Highlights
Based on the data collected from the research survey, this paper concludes:
• Network security operations today are as difficult as or more difficult than they were 24 months ago.
• Visibility across all corporate networks can be improved, resulting in an enhanced security posture.
• Organizations find they have not achieved an idealized state where automated processes provide effective network
security operations.
• Adding more network security tools may not be the path toward improving visibility and threat mitigation.
• A platform-based architecture to enable visibility may allow organizations to make better use of the security tools
they already possess.
Research Findings
Current State of Network and Security Operations
ESG research consistently indicates that cybersecurity is a top priority¹ and challenge for IT organizations, exacerbated by
an increasingly sophisticated threat landscape, itself compounded by an ongoing cybersecurity skills shortage. Indeed, from
a network security perspective, the increasing number of end-user devices, communication between physical and virtual
devices, and sharing of data between cloud, data center, and campus networks creates challenges for organizations in
terms of getting visibility into how the data is used and transmitted, and where there are potential threats.
When asked how to characterize network security operations (i.e., processes, workload, complexity, etc.) today compared
with two years ago, 85% of organizations report they are as difficult as or more difficult than they were 24 months ago (see
Figure 1).
Figure 1. Difficulty Associated with Network Security Operations over Time
Source: Enterprise Strategy Group, 2016
Among those respondents indicating that network security operations have become more onerous over the last two years,
what is behind this trend? According to Figure 2, the most commonly cited factors include more devices on the network
(61%), more traffic on the network (55%), network security operations encompassing more types of networking and
security technologies (47%), and numerous types of cyber-attacks and vulnerabilities (46%).
When asked if their organization has good visibility across its entire network(s) to efficiently perform ongoing security and
vulnerability analysis, 75% of respondents reported that they believe visibility across all of their corporate networks could
be improved (see Figure 3). However, many organizations are already performing activities that provide for visibility.
Indeed, when ESG asked if several key activities were being performed currently, a majority reported currently monitoring
network traffic for performance, fault, and availability analysis purposes, analyzing network metadata for DNS monitoring,
SSL certificate analysis, or user behavior analysis, and/or performing SSL decryption.
1 Source: ESG Research Report, 2016 IT Spending Intentions Survey, February 2016.
Figure 1 responses. How would you characterize network security operations (i.e., processes, workload,
complexity, etc.) today compared with two years ago? (Percent of respondents, N=300)
• Much more difficult, 7%
• More difficult, 42%
• About the same, 36%
• Less difficult, 12%
• Much less difficult, 3%
There is a paradox. Although these activities are commonly performed, enterprises still state that they lack the desired
network visibility. When asked if their organization has good visibility across its entire corporate network, only 25% stated
they have excellent network visibility, while 67% stated it can be improved, and 8% stated that they have limited visibility.
Figure 2. Top Ten Factors behind Increasing Difficulty Associated with Network Security Operations
Source: Enterprise Strategy Group, 2016
Figure 2 responses. You indicated that network security operations has become more difficult over the past two
years. Which of the following are the primary factors making network security operations
more difficult at your organization? (Percent of respondents, N=146)
• There are more devices on the network than there were 2 years ago making network security operations more difficult, 61%
• There is more traffic on the network than there was 2 years ago making network security operations more difficult, 55%
• Network security operations encompasses more types of networking and security technologies than it did 2 years ago, 47%
• My organization must address security issues associated with numerous types of cyber-attacks and vulnerabilities occurring over the past 2 years, making security operations more difficult, 46%
• My organization has tightened its IT governance requirements making network security operations more difficult, 45%
• It is more difficult to get network security operations visibility across the entire network today than it was 2 years ago, 42%
• Network security operations depends upon cooperation and coordination between the security team and other IT groups and this has become more difficult over the past 2 years, 42%
• My organization has deployed numerous new applications over the past 2 years making network security operations more difficult, 42%
• My organization has increased its use of software-defined networking technologies over the past 2 years making network security operations more difficult, 40%
• My organization has increased its use of cloud computing services over the past 2 years making network security operations more difficult, 40%
Figure 3. Level of Network Visibility
Source: Enterprise Strategy Group, 2016
Challenges of Network and Security Operations
Eighty-five percent of organizations use inline security tools, and a majority (58%) of those apply software updates or make
configuration changes to those tools at least monthly (see Figure 4). While it’s important to keep these tools patched, it is
also important to note that a shortfall of inline tools is that these changes and updates disrupt security operations and can
actually create vulnerabilities.
Coordination between the network and security operations teams can be another pain point, with only 32% of the
respondents indicating that coordination is easy when changes to inline tools are made. This issue is explored further in the
next section.
Next Steps
Why are these processes and tools not providing the desired outcomes? Organizations should ask themselves several
questions that may help close the visibility gap:
Can More Tools Help?
The survey data does not indicate that more tools will help. In fact, ESG’s data shows that the typical number of tools
organizations use per site is five to seven (stated by 64% of the respondents). Even larger organizations with more staff
often are not choosing to use a greater number of tools. This indicates that these organizations feel that adding more tools
to their environment is not an effective solution, even if they are not limited by the number of personnel to use those
tools.
Can Organizational Changes Help?
Organizational improvements may allow organizations to make better use of existing tools. ESG’s research data shows that
three in ten organizations (30%) today do not have dedicated personnel for network and security operations. Within those
organizations that do staff dedicated network and security groups, 93% reported that four or fewer staff were employed in
that capacity. Moreover, security groups reported a great deal of focus on incident response. When asked how many
individuals are dedicated to incident response, a plurality indicated that two individuals are dedicated to that function.
Thus, it is very common for half or more of security operations staff to be dedicated to performing reactive incident
response activities.
Figure 3 responses. Do you believe your organization has good visibility across its entire corporate network(s) to
efficiently perform ongoing security and vulnerability analysis? (Percent of respondents, N=300)
• Yes, we have excellent network visibility, 25%
• Yes, but network visibility could be improved, 67%
• No, we have limited network visibility, 8%
• Don’t know, 1%
When ESG asked those organizations that are both staffing dedicated network and security teams and using inline security
tools how difficult it is to coordinate efforts between relevant teams when making changes to inline network security tools,
less than one-third reported it was easy.
The aggregate picture painted by this data is not positive. Many organizations do not currently staff dedicated security
roles and those that do are still likely to be resource constrained—either from a headcount or skillset perspective.
Additionally, collaborative challenges among the security team and other IT disciplines are fairly common.
However, if security operations staff can become more effective and coordinate their tasks better with network operations
staff, then security outcomes will be improved. Automation can assist in this area as well. If network and security processes
can be automated, the need for manual coordination will be reduced. Automation may also reduce the amount of time
spent on incident response and enable more time to be devoted to proactive and preventative activities.
Can a Different Architectural Approach Help?
Understanding where organizations stand today and comparing it with an ideal situation can shed more light on how IT
organizations view themselves and where opportunities to improve exist. ESG asked organizations to imagine an ideal
situation where the tools and processes needed to automate network security operations completely (such as central
command and control for workflow, change control, testing, visibility, and auditing) were in place and compare that to
their organization’s existing processes and controls. Only 10% of organizations felt that their organization’s existing
network security operations processes and controls are very similar to this ideal model (see Figure 5). This large shortfall
lends credence to the idea that the gap may be closed with a completely different architectural approach to network
security that provides centralized command and control for operational tasks.
Figure 4. Average Frequency of Inline Network Security Tool Configuration Changes
Source: Enterprise Strategy Group, 2016
What is the average frequency of configuration changes/software upgrades done for your
organization’s inline network security tools? (Percent of respondents, N=255)
• Weekly, 14%
• Monthly, 44%
• Once every three months, 29%
• Once every…
• Once per year or less, 4%
• Don’t know, 2%
Figure 5. Comparison of an Ideal Automated Model to Existing Processes
Source: Enterprise Strategy Group, 2016
This type of centralized, platform-based architectural approach should allow disparate tools to be managed more
effectively by enabling them to be viewed, administered, and monitored from a single console. Pairing tool consolidation
with the automation of manual tasks should enable tools to function more effectively and processes to be more
streamlined.
The notion of using automation to assist network security has been seen in another ESG survey, which indicated that the
area with the strongest connection to network automation was network security.² This reinforces the finding that
automation enables resources (both IT assets and people) to be used more effectively.
The Bigger Truth
As clearly evidenced by ESG’s research data, most organizations can improve their network visibility and reduce their
security vulnerabilities. However, they must make smart investments. Adding more point tools to an already fragmented
security and monitoring environment may make security outcomes worse, not better. Rather, it is more likely that the
typical organization can achieve better security outcomes by investing in staff (who are likely spread too thin today) or
consolidating tools through a platform-based approach to visibility in which data, analytics, and reports from multiple tools
can be aggregated and consumed in one control panel.
This architectural approach to these challenges is a particularly intriguing solution because it allows
organizations to preserve investments in existing tools, making them work better, while also empowering the personnel
who use them. Improving the utilization of existing IT and human resources within the organization is a prudent way to
meet these challenges.
2 Source: ESG Research Report, Network Automation: Enabler of IT Process Goals, July 2016.
Figure 5 responses. Imagine an ideal situation where your organization had the tools and processes needed to automate
network security operations completely (i.e., central command and control for workflow, change control,
testing, visibility, auditing, etc.) across physical, virtual, and cloud infrastructure. How would you
compare this type of automated model for network security operations to your organization’s existing
processes and controls? (Percent of respondents, N=300)
• My organization’s existing network security operations processes and controls are very similar to the ideal model described, 10%
• My organization’s existing network security operations processes and controls are somewhat similar to the ideal model described, 40%
• My organization’s existing network security operations processes and controls are not close to the ideal model described, 36%
• My organization’s existing network security operations processes and controls are not at all close to the ideal model described, 12%
• Don’t know, 2%
All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The
Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject
to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this
publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express
consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable,
criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.
www.esg-global.com contact@esg-global.com P. 508.482.0188
Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides
actionable insight and intelligence to the global IT community.

Safeguarding the EnterpriseSafeguarding the Enterprise
Safeguarding the Enterprise
 
Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16Cyber security white paper final PMD 12_28_16
Cyber security white paper final PMD 12_28_16
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness              .docxRunning Head SECURITY AWARENESSSecurity Awareness              .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdf
 
An Effective Cybersecurity Awareness Training Model: First Defense of an Orga...
An Effective Cybersecurity Awareness Training Model: First Defense of an Orga...An Effective Cybersecurity Awareness Training Model: First Defense of an Orga...
An Effective Cybersecurity Awareness Training Model: First Defense of an Orga...
 
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...
 
WildPackets EMA Whitepaper Preview
WildPackets EMA Whitepaper PreviewWildPackets EMA Whitepaper Preview
WildPackets EMA Whitepaper Preview
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
Information Assurance Framework for Web Services .docx
Information Assurance Framework for Web Services                  .docxInformation Assurance Framework for Web Services                  .docx
Information Assurance Framework for Web Services .docx
 
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
The Chicago School of Cybersecurity: A Pragmatic Look at the NIST Cybersecuri...
 
Automatic Insider Threat Detection in E-mail System using N-gram Technique
Automatic Insider Threat Detection in E-mail System using N-gram TechniqueAutomatic Insider Threat Detection in E-mail System using N-gram Technique
Automatic Insider Threat Detection in E-mail System using N-gram Technique
 
Assessing and Managing IT Security Risks
Assessing and Managing IT Security RisksAssessing and Managing IT Security Risks
Assessing and Managing IT Security Risks
 
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...
 
Challenges in implementing effective data security practices
Challenges in implementing effective data security practicesChallenges in implementing effective data security practices
Challenges in implementing effective data security practices
 
Drive Business Transformation via Better Network Connectivity_WP
Drive Business Transformation via Better Network Connectivity_WPDrive Business Transformation via Better Network Connectivity_WP
Drive Business Transformation via Better Network Connectivity_WP
 
2010 report data security survey
2010 report  data security survey2010 report  data security survey
2010 report data security survey
 

More from Miguel Mello

Quick guide gdpr
Quick guide gdprQuick guide gdpr
Quick guide gdpr
Miguel Mello
 
Palestra Cidades
Palestra CidadesPalestra Cidades
Palestra Cidades
Miguel Mello
 
Backbase omni channel banking report
Backbase omni channel banking reportBackbase omni channel banking report
Backbase omni channel banking report
Miguel Mello
 
Digital Transformation Iniciative
Digital Transformation IniciativeDigital Transformation Iniciative
Digital Transformation Iniciative
Miguel Mello
 
Estudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPDEstudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPD
Miguel Mello
 
Accenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and BankingAccenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and Banking
Miguel Mello
 
Microsoft Azure and the EU GDPR
Microsoft Azure and the EU GDPRMicrosoft Azure and the EU GDPR
Microsoft Azure and the EU GDPR
Miguel Mello
 
5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics
Miguel Mello
 
BOON TECH
BOON TECHBOON TECH
BOON TECH
Miguel Mello
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR Compliance
Miguel Mello
 
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for SuccessMarketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Miguel Mello
 
Beginning your GDPR journey
Beginning your GDPR journeyBeginning your GDPR journey
Beginning your GDPR journey
Miguel Mello
 
10 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 201810 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 2018
Miguel Mello
 
Digital transformation and customer care
Digital transformation and customer careDigital transformation and customer care
Digital transformation and customer care
Miguel Mello
 
Let's Celebrate Life
Let's Celebrate LifeLet's Celebrate Life
Let's Celebrate Life
Miguel Mello
 

More from Miguel Mello (15)

Quick guide gdpr
Quick guide gdprQuick guide gdpr
Quick guide gdpr
 
Palestra Cidades
Palestra CidadesPalestra Cidades
Palestra Cidades
 
Backbase omni channel banking report
Backbase omni channel banking reportBackbase omni channel banking report
Backbase omni channel banking report
 
Digital Transformation Iniciative
Digital Transformation IniciativeDigital Transformation Iniciative
Digital Transformation Iniciative
 
Estudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPDEstudo IDC Microsoft - RGPD
Estudo IDC Microsoft - RGPD
 
Accenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and BankingAccenture: The Future of Fintech and Banking
Accenture: The Future of Fintech and Banking
 
Microsoft Azure and the EU GDPR
Microsoft Azure and the EU GDPRMicrosoft Azure and the EU GDPR
Microsoft Azure and the EU GDPR
 
5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics5 steps to enhance customer experience with iot analytics
5 steps to enhance customer experience with iot analytics
 
BOON TECH
BOON TECHBOON TECH
BOON TECH
 
GDPR Compliance
GDPR ComplianceGDPR Compliance
GDPR Compliance
 
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for SuccessMarketing Analytics Meets Artificial Intelligence: Six Strategies for Success
Marketing Analytics Meets Artificial Intelligence: Six Strategies for Success
 
Beginning your GDPR journey
Beginning your GDPR journeyBeginning your GDPR journey
Beginning your GDPR journey
 
10 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 201810 Things Banks Should be Doing in 2018
10 Things Banks Should be Doing in 2018
 
Digital transformation and customer care
Digital transformation and customer careDigital transformation and customer care
Digital transformation and customer care
 
Let's Celebrate Life
Let's Celebrate LifeLet's Celebrate Life
Let's Celebrate Life
 

Recently uploaded

Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Globus
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
e20449
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
vrstrong314
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
takuyayamamoto1800
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
Ortus Solutions, Corp
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
Google
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
Globus
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Jay Das
 

Recently uploaded (20)

Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
Graphic Design Crash Course for beginners
Graphic Design Crash Course for beginnersGraphic Design Crash Course for beginners
Graphic Design Crash Course for beginners
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
top nidhi software solution freedownload
top nidhi software solution freedownloadtop nidhi software solution freedownload
top nidhi software solution freedownload
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Into the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdfInto the Box 2024 - Keynote Day 2 Slides.pdf
Into the Box 2024 - Keynote Day 2 Slides.pdf
 
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteAI Pilot Review: The World’s First Virtual Assistant Marketing Suite
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfEnhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdf
 

Research insights - state of network security

  • 1. Understanding the State of Network Security Today
     Research Insights Paper: Network Security Trends
     By Dan Conde, ESG Analyst
     January 2017
     This ESG Research Insights Paper was commissioned by Gigamon and is distributed under license from ESG.
     Enterprise Strategy Group | Getting to the bigger truth.™
     © 2017 by The Enterprise Strategy Group, Inc. All Rights Reserved.
  • 2. Contents
     Executive Summary ... 3
        Research Methodology and Goals ... 3
        Research Highlights ... 3
     Research Findings ... 4
        Current State of Network and Security Operations ... 4
        Challenges of Network and Security Operations ... 6
     Next Steps ... 6
        Can More Tools Help? ... 6
        Can Organizational Changes Help? ... 6
        Can a Different Architectural Approach Help? ... 7
     The Bigger Truth ... 8
  • 3. Executive Summary

     Research Methodology and Goals

     In the second half of 2016, Gigamon commissioned the Enterprise Strategy Group (ESG) to conduct a survey of 300 IT and cybersecurity professionals. Respondents to the survey all had responsibility and involvement in the planning, implementation, and/or operations of their organization’s security policies, processes, and technical safeguards. Participants also had purchase decision-making authority or influence for network security products and services. Survey respondents were located in North America and Western Europe. Multiple organization sizes were represented in the respondent base: 25% of respondents worked at organizations with 100-499 employees, 34% at organizations with 500-999 employees, and 41% at organizations with 1,000-4,999 employees. The survey included representation from many industries including manufacturing (22%), retail/wholesale (11%), financial services (16%), business services (8%), health care (5%), and communications and media (4%).

     This research project was undertaken to evaluate the challenges, changes, best practices, and solution requirements for network security operations and network security tools. Respondents were questioned about organizational characteristics including staffing, coordination, and time to evaluate new technology. Respondents were also asked about technology considerations such as the use of automated models compared with manual processes, types of network visibility tools in use, use of security monitoring functions, and current and planned reliance on third-party services for network security.

     Research Highlights

     Based on the data collected from the research survey, this paper concludes:
        • Network security operations today are as difficult as or more difficult than they were 24 months ago.
        • Visibility across all corporate networks can be improved, resulting in an enhanced security posture.
        • Organizations find they have not achieved an idealized state where automated processes provide effective network security operations.
        • Adding more network security tools may not be the path toward improving visibility and threat mitigation.
        • A platform-based architecture to enable visibility may allow organizations to make better use of the security tools they already possess.
  • 4. Research Findings

     Current State of Network and Security Operations

     ESG research consistently indicates that cybersecurity is a top priority¹ and challenge for IT organizations, compounded by an increasingly sophisticated threat landscape that is itself exacerbated by an ongoing cybersecurity skills shortage. Indeed, from a network security perspective, the increasing number of end-user devices, communication between physical and virtual devices, and sharing of data between cloud, data center, and campus networks create challenges for organizations in terms of getting visibility into how the data is used and transmitted, and where there are potential threats. When asked how to characterize network security operations (i.e., processes, workload, complexity, etc.) today compared with two years ago, 85% of organizations report they are as difficult as or more difficult than they were 24 months ago (see Figure 1).

     Figure 1. Difficulty Associated with Network Security Operations over Time
     How would you characterize network security operations (i.e., processes, workload, complexity, etc.) today compared with two years ago? (Percent of respondents, N=300)
        • Much more difficult, 7%
        • More difficult, 42%
        • About the same, 36%
        • Less difficult, 12%
        • Much less difficult, 3%
     Source: Enterprise Strategy Group, 2016

     Among those respondents indicating that network security operations have become more onerous over the last two years, what is behind this trend? According to Figure 2, the most commonly cited factors include more devices on the network (61%), more traffic on the network (55%), network security operations encompassing more types of networking and security technologies (47%), and numerous types of cyber-attacks and vulnerabilities (46%).

     When asked if their organization has good visibility across its entire network(s) to efficiently perform ongoing security and vulnerability analysis, 75% of respondents reported that they believe visibility across all of their corporate networks could be improved (see Figure 3). However, many organizations are already performing activities that provide for visibility. Indeed, when ESG asked if several key activities were being performed currently, a majority reported currently monitoring network traffic for performance, fault, and availability analysis purposes, analyzing network metadata for DNS monitoring, SSL certificate analysis, or user behavior analysis, and/or performing SSL decryption.

     ¹ Source: ESG Research Report, 2016 IT Spending Intentions Survey, February 2016.
  • 5. There is a paradox. Although these activities are commonly performed, enterprises still state that they lack the desired network visibility. When asked if their organization has good visibility across its entire corporate network, only 25% stated they have excellent network visibility, while 67% stated it can be improved, and 8% stated that they have limited visibility.

     Figure 2. Top Ten Factors behind Increasing Difficulty Associated with Network Security Operations
     You indicated that network security operations has become more difficult over the past two years. Which of the following are the primary factors making network security operations more difficult at your organization? (Percent of respondents, N=146)
        • 40%: My organization has increased its use of cloud computing services over the past 2 years making network security operations more difficult
        • 40%: My organization has increased its use of software-defined networking technologies over the past 2 years making network security operations more difficult
        • 42%: My organization has deployed numerous new applications over the past 2 years making network security operations more difficult
        • 42%: Network security operations depends upon cooperation and coordination between the security team and other IT groups and this has become more difficult over the past 2 years
        • 42%: It is more difficult to get network security operations visibility across the entire network today than it was 2 years ago
        • 45%: My organization has tightened its IT governance requirements making network security operations more difficult
        • 46%: My organization must address security issues associated with numerous types of cyber-attacks and vulnerabilities occurring over the past 2 years, making security operations more difficult
        • 47%: Network security operations encompasses more types of networking and security technologies than it did 2 years ago
        • 55%: There is more traffic on the network than there was 2 years ago making network security operations more difficult
        • 61%: There are more devices on the network than there were 2 years ago making network security operations more difficult
     Source: Enterprise Strategy Group, 2016
Figure 3. Level of Network Visibility

Do you believe your organization has good visibility across its entire corporate network(s) to efficiently perform ongoing security and vulnerability analysis? (Percent of respondents, N=300)

  • Yes, we have excellent network visibility: 25%
  • Yes, but network visibility could be improved: 67%
  • No, we have limited network visibility: 8%
  • Don’t know: 1%

Source: Enterprise Strategy Group, 2016

Challenges of Network and Security Operations

Eighty-five percent of organizations use inline security tools, and a majority (58%) of those apply software updates or make configuration changes to those tools at least monthly (see Figure 4). While it’s important to keep these tools patched, it is also important to note that a shortfall of inline tools is that these changes and updates disrupt security operations and can actually create vulnerabilities. Coordination between the network and security operations teams can be another pain point, with only 32% of the respondents indicating that coordination is easy when changes to inline tools are made. This issue is explored further in the next section.

Next Steps

Why are these processes and tools not providing the desired outcomes? Organizations should ask themselves several questions that may help close the visibility gap:

Can More Tools Help?

The survey data does not indicate that more tools will help. In fact, ESG’s data shows that the typical number of tools organizations use per site is five to seven (stated by 64% of the respondents). Even larger organizations with more staff often are not choosing to use a greater number of tools. This indicates that these organizations feel that adding more tools to their environment is not an effective solution, even if they are not limited by the number of personnel to use those tools.

Can Organizational Changes Help?

Organizational improvements may allow organizations to make better use of existing tools. ESG’s research data shows that three in ten organizations (30%) today do not have dedicated personnel for network and security operations. Within those organizations that do staff dedicated network and security groups, 93% reported that four or fewer staff were employed in that capacity. Moreover, security groups reported a great deal of focus on incident response. When asked how many individuals are dedicated to incident response, a plurality indicated that two individuals are dedicated to that function. Thus, it is very common for half or more of security operations staff to be dedicated to performing reactive incident response activities.

When ESG asked those organizations that are both staffing dedicated network and security teams and using inline security tools how difficult it is to coordinate efforts between relevant teams when making changes to inline network security tools, less than one-third reported it was easy.

The aggregate picture painted by this data is not positive. Many organizations do not currently staff dedicated security roles and those that do are still likely to be resource constrained—either from a headcount or skillset perspective. Additionally, collaborative challenges among the security team and other IT disciplines are fairly common. However, if security operations staff can become more effective and coordinate their tasks better with network operations staff, then security outcomes will be improved.

Automation can assist in this area as well. If network and security processes can be automated, the need for manual coordination will be reduced. Automation may also reduce the amount of time spent on incident response and enable more time to be devoted to proactive and preventative activities.

Can a Different Architectural Approach Help?

Understanding where organizations stand today and comparing it with an ideal situation can shed more light on how IT organizations view themselves and where opportunities to improve exist.
ESG asked organizations to imagine an ideal situation where the tools and processes needed to automate network security operations completely (such as central command and control for workflow, change control, testing, visibility, and auditing) were in place and compare that to their organization’s existing processes and controls. Only 10% of organizations felt that their organization’s existing network security operations processes and controls are very similar to this ideal model (see Figure 5). This large shortfall lends credence to the idea that the gap may be closed with a completely different architectural approach to network security that provides centralized command and control for operational tasks.

Figure 4. Average Frequency of Inline Network Security Tool Configuration Changes

What is the average frequency of configuration changes/software upgrades done for your organization’s inline network security tools? (Percent of respondents, N=255)

  • Weekly: 14%
  • Monthly: 44%
  • Once every three months: 29%
  • Once every…
  • Once per year or less: 4%
  • Don’t know: 2%

Source: Enterprise Strategy Group, 2016

Figure 5. Comparison of an Ideal Automated Model to Existing Processes

Imagine an ideal situation where your organization had the tools and processes needed to automate network security operations completely (i.e., central command and control for workflow, change control, testing, visibility, auditing, etc.) across physical, virtual, and cloud infrastructure. How would you compare this type of automated model for network security operations to your organization’s existing processes and controls? (Percent of respondents, N=300)

  • My organization’s existing network security operations processes and controls are very similar to the ideal model described: 10%
  • My organization’s existing network security operations processes and controls are somewhat similar to the ideal model described: 40%
  • My organization’s existing network security operations processes and controls are not close to the ideal model described: 36%
  • My organization’s existing network security operations processes and controls are not at all close to the ideal model described: 12%
  • Don’t know: 2%

Source: Enterprise Strategy Group, 2016

This type of centralized, platform-based architectural approach should allow disparate tools to be managed more effectively by enabling them to be viewed, administered, and monitored from a single console. Pairing tool consolidation with the automation of manual tasks should enable tools to function more effectively and processes to be more streamlined. The notion of using automation to assist network security has been seen in another ESG survey, which indicated that the area with the strongest connection to network automation was network security.[2] This reinforces the finding that automation enables resources (both IT assets and people) to be used more effectively.

[2] Source: ESG Research Report, Network Automation: Enabler of IT Process Goals, July 2016.

The Bigger Truth

As clearly evidenced by ESG’s research data, most organizations can improve their network visibility and reduce their security vulnerabilities. However, they must make smart investments. Adding more point tools to an already fragmented security and monitoring environment may make security outcomes worse, not better. Rather, it is more likely that the typical organization can achieve better security outcomes by investing in staff (who are likely spread too thin today) or consolidating tools through a platform-based approach to visibility in which data, analytics, and reports from multiple tools can be aggregated and consumed in one control panel.

This architectural methodology to approaching these challenges is a particularly intriguing solution because it allows organizations to preserve investments in existing tools, making them work better, while also empowering the personnel who use them. Improving the utilization of existing IT and human resources within the organization is a prudent way to meet these challenges.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

www.esg-global.com | contact@esg-global.com | P. 508.482.0188

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides actionable insight and intelligence to the global IT community.