IT & DATA MANAGEMENT RESEARCH,
INDUSTRY ANALYSIS & CONSULTING
Unlocking High Fidelity Security 2019
David Monahan
Managing Research Director, Security and Risk Management
Enterprise Management Associates
© 2019 Enterprise Management Associates
Watch the On-Demand Webinar
• The Unlocking High Fidelity Security on-demand webinar is available here: http://info.enterprisemanagement.com/achieving-high-fidelity-security-webinar-ws
• Check out upcoming webinars from EMA here: http://www.enterprisemanagement.com/freeResearch
Today’s Speaker
David Monahan, Managing Research Director, Security
and Risk Management, EMA
David is a senior information security executive with years of
experience. He has organized and managed both physical
and information security programs, including security and
network operations (SOCs and NOCs) for organizations
ranging from Fortune 100 companies to local government and
small public and private companies. He has diverse audit,
compliance, risk, and privacy experience, such as providing
strategic and tactical leadership to develop, architect, and
deploy assurance controls, delivering process and policy
documentation and training, and working on educational and
technical solutions.
Logistics
• Event recording: an archived version of the event recording will be available at www.enterprisemanagement.com
• Questions: log questions in the chat panel located on the lower left-hand corner of your screen
• Questions will be addressed during the Q&A session of the event
Demographics
• Focused on North America
• 42% Director and above
• Org Sizes:
  • 25% SMB, 47% Midsized, 28% Enterprise
• Top 5 industries:
  • MSSP
  • Healthcare/Medical/Pharma
  • Manufacturing
  • Tech
  • Retail/Wholesale Consumer goods
• Average budget increases:
  • Security falls between 8%-10%
  • IT falls between 10% and 15%
  • ~10% of organizations have increases of 25% or more!
Disconnect in Security Perceptions
Security Program Maturity
• Superior: 13%
• Very Good: 56%
• Good: 26%
• Fair: 5%
• Poor: 1%
Security Access to Data For Investigations
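Sr. Mgmt:
• They have direct access to all of the data or systems: 47%
• They have direct access to most of the data or systems: 44%
• They have direct access to some of the data or systems: 8%
• They do not have direct access unless they request it: 1%
Mid Mgmt:
• They have direct access to all of the data or systems: 33%
• They have direct access to most of the data or systems: 35%
• They have direct access to some of the data or systems: 20%
• They do not have direct access unless they request it: 14%
Front line Ops:
• They have direct access to all of the data or systems: 33%
• They have direct access to most of the data or systems: 31%
• They have direct access to some of the data or systems: 24%
• They do not have direct access unless they request it: 11%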
Comfortability with Current Organizational
Cyber-Risk
• Wholly comfortable: 22%
• Generally comfortable, but with some reservations: 39%
• Moderately comfortable: 28%
• Moderately uncomfortable: 8%
• Very uncomfortable: 4%
Respondents Wholly Comfortable with Current
Organizational Cyber-Risk By Role
• Sr. Mgmt: 30%
• Middle Mgmt.: 11%
• Front line Ops: 16%
Perspective on Current Controls Effectiveness
Outstanding Prevention
• Sr Mgmt: 33%
• Mdl Mgmt: 24%
• Ops: 20%
Outstanding Detection
• Sr Mgmt: 37%
• Mdl Mgmt: 30%
• Ops: 20%
Outstanding-Quantifying
• Sr Mgmt: 30%
• Mdl Mgmt: 24%
• Ops: 27%
Security Controls
Top Three Least Effective Cyber-security
Controls
• Data loss prevention/detection: 36%
• Vulnerability management: 34%
• Breach investigation and incident response: 31%
• Confident in all areas listed: 26%
Most Significant Impact on Security Posture
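Sr. Mgmt.:
• More efficient internal processes and IT hygiene: 44%
• Additional security technologies/product/solutions: 45%
• Employee awareness: 11%
Mid Mgmt.:
• More efficient internal processes and IT hygiene: 26%
• Additional security technologies/product/solutions: 63%
• Employee awareness: 11%
Front line Ops:
• More efficient internal processes and IT hygiene: 38%
• Additional security technologies/product/solutions: 42%
• Employee awareness: 20%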
Security Services Adoption
2018 Security Service Spending
• Yes. We spend between 75% and 89% of our security budget with MSSPs: 6%
• Yes. We spend between 50% and 74% of our security budget with MSSPs: 10%
• Yes. We spend between 25% and 49% of our security budget with MSSPs: 19%
• Yes. We spend between 10% and 24% of our security budget with MSSPs: 51%
• None, but we are investigating engaging a provider: 7%
• None, and we have no interest in investigating: 7%
Perspective on Tools and Skills for
Effective Secops
Tools
• Yes: 47%
• No, but I believe we are 90% or better on the way: 23%
• No, but I believe we are 75% to 89% on the way: 22%
• No, but I believe we are 50% to 74% on the way: 6%
• No, and we need to make significant progress: 2%
Skills
• Yes: 50%
• No, but I believe we are 90% or better on the way: 23%
• No, but I believe we are 75% to 89% on the way: 19%
• No, but I believe we are 50% to 74% on the way: 8%
• No, and we need to make significant progress: 1%
Security Services Consumption
Top 3 Services Used
• 24x7 security incident monitoring: 52%
• Managed firewall: 49%
• Risk assessment: 47%
Top 3 Services Under Consideration
• 24x7 security incident monitoring: 61%
• Managed detection and response: 50%
• Risk assessment: 39%
Top 5 Drivers for Security Services
Adoption
• Believe that the MSSP can do it better regardless of in-house cost: 38%
• Better value/ROI than performing the tasks in-house: 37%
• Believe that the MSSP can do it better regardless of skills in-house: 36%
• Cost to hire currently available personnel compared to cost of MSSP: 35%
• Want to focus on the core business: 34%
Identifying and Stopping Breaches
The Stage Attacks are Identified and Stopped
15%
13%
15%
17%
11%
9%
11%
9%
16%
15%
12%
16%
11%
9%
10%
11%
Inside perimeter reconnaissance
Initial infiltration/landing/delivery
Host/user exploitation
When malware/tools are installed
Command and control
Lateral movement
Data exfiltration
Post event(s)
Top 3 Data Sources for Early Detection of an
Attack or Breach
• Vulnerability assessment data: 49%
• Dark web monitoring: 42%
• Perimeter protection tools (DDoS, firewall, IPS, web proxy, etc.): 41%
Importance of Having a Single Security
Console
• Very important: 46%
• Important: 39%
• Somewhat important: 13%
• Somewhat unimportant: 2%
• Not important at all: 0%
Defense Control Testing
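More often than semi-annually:
• Evaluate policies: 29%
• Test IR procedures: 38%
• Evaluate incident monitoring and alerting systems configurations/parameters: 38%
• Evaluate operational procedures: 36%
• Conduct testing on our perimeter defensive configurations: 39%
• Conduct testing on our internal defensive technology configurations: 40%
• Perform penetration testing on critical systems: 42%
Annually to semi-annually:
• Evaluate policies: 69%
• Test IR procedures: 57%
• Evaluate incident monitoring and alerting systems configurations/parameters: 59%
• Evaluate operational procedures: 60%
• Conduct testing on our perimeter defensive configurations: 56%
• Conduct testing on our internal defensive technology configurations: 56%
• Perform penetration testing on critical systems: 54%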
Improving Controls Testing Would Improve
Security
• Evaluate incident monitoring and alerting systems configurations/parameters: 72%
• Conduct testing on our perimeter defensive configurations: 72%
• Conduct testing on our internal defensive technology configurations: 70%
Tools and Data Integrations
Data Integration Methods- Very Important to
Indispensable Tool Selection Criteria
• Cloud or On-premises third-party data analysis tools: 61%
• On-premises or Cloud-based third-party data collection tools: 59%
• Third-party data integration tools: 60%
• Vendor-created open APIs: 59%
• Vendor partnership-driven integrations: 59%
Top 3 Challenges Inhibiting Security Data
Integration
• Lack of vendor-enabled integrations: 49%
• Lack of analysis capabilities in the solution: 46%
• Lack of vendor-supplied open APIs creating an inability to inject/import information: 41%
Automation
Trust/Preference in Fully Automatic Actions vs.
Manually-Gated Automated Actions
• More automated: 60%
• More automatic: 40%
Definitions:
Automated—The detection system performs incident detection, data gathering,
and data analysis, then presents findings and recommendations for resolution to a
person who authorizes the system to execute a resolution process.
Automatic—The detection system performs incident detection, data gathering,
and data analysis, and at least an initial attempt at resolution, before presenting
the outcome to a person who closes the case. Case closure may be performed by
the system if successful outcome can be verified.
Influencers on Purchase of Security Tools for
Automation (5-point scale)
3.7
3.2
2.9
2.8
2.4
Accuracy
Integration
Scalability
Ease of use
Price
Security
Percentage of Process Automation in Secops
• Manual: 29%
• Automated: 40%
• Fully Automatic: 31%
Importance of Automation for Achieving
SecOps Goals
• Extremely important: 33%
• Very important: 48%
• Moderately important: 16%
• Somewhat important: 2%
Importance of Breach Simulation Automation
For Achieving SecOps Goals
• Extremely important: 46%
• Very important: 38%
• Moderately important: 14%
• Somewhat important: 2%
Importance of Automation in Achieving Breach
Detection and Incident Response
Breach Detection:
• Very important: 47%
• Important: 40%
• Somewhat important: 12%
• Somewhat unimportant: 1%
IR:
• Very important: 47%
• Important: 39%
• Somewhat important: 12%
• Somewhat unimportant: 2%
Network Security
Greatest Value Data for Early Breach Detection
• Network data: 60%
• Endpoint data: 40%
Data Stored for Incident Investigations
• Flow data: 67%
• Packet information: 51%
• Metadata: 50%
• I don't know: 3%
Value of Network Metadata for Investigations
• Extremely valuable: 14%
• Very valuable: 65%
• Moderately valuable: 20%
• Not very valuable: 1%
Vulnerability & Penetration Testing, and
Remediation
Impact on Critical Systems From Penetration
Testing
• We have experienced an outage or serious performance impact: 32%
• We have not experienced an outage or serious performance impact: 52%
• We have not used penetration testing: 12%
• I don't know if we have used penetration testing: 3%
Lack of Effectiveness of Vuln Mgmt. Systems
43%
42%
Attack-Path
Business Risk
Good to Poor
Security Budget Investments in Pre-breach
Readiness tools
• We are not currently investing in this area: 8%
• <10%: 40%
• Between 11% and 15%: 19%
• Between 16% and 20%: 16%
• More than 20%: 10%
• I don't know: 7%
Awareness of Commercially Available Attack
Path Identification Systems
• Yes: 29%
• No: 71%
Other Trends
Questions
Get the report at
http://bit.ly/2ngu7ZR
