EMA Megatrends in Cyber-Security

Please download to get full document.

View again

of 39
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Similar Documents
Information Report
Category:

Technology

Published:

Views: 0 | Pages: 39

Extension: PDF | Download: 0

Share
Description
These slides--based on the webinar from leading IT research firm Enterprise Management Associates (EMA)--reveal the current state of enterprise security readiness within the context of security management tools, issues, and practices.
Transcript
  • 1. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING David Monahan Managing Research Director Enterprise Management Associates EMA Megatrends in Cyber-Security
  • 2. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING2 © 2019 Enterprise Management Associates Watch the On-Demand Webinar • EMA Megatrends in Cyber-Security On-Demand webinar is available here: https://ema.wistia.com/medias/flzv8oangz • Check out upcoming webinars from EMA here: http://www.enterprisemanagement.com/freeResearch
  • 3. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING3 © 2019 Enterprise Management Associates, Inc. Today’s Speaker David Monahan, Managing Research Director, Security and Risk Management, EMA David is a senior information security executive with several years of experience. He has organized and managed both physical and information security programs, including security and network operations (SOCs and NOCs) for organizations ranging from Fortune 100 companies to local government and small public and private companies. He has diverse audit, compliance, risk, and privacy experience, such as providing strategic and tactical leadership to develop, architect, and deploy assurance controls, delivering process and policy documentation and training, and working on educational and technical solutions.
  • 4. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING4 © 2019 Enterprise Management Associates, Inc. Sponsors
  • 5. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING5 © 2019 Enterprise Management Associates, Inc. Demographics • 250 respondents • Focused on North America • 46% Director and above • Org Sizes: • 19% SMB, 48% Midsized, 33% Enterprise/18% VLE • Top 5 industries: • High-Tech, MSSP, Finance/Banking/Insurance, Manufacturing, Infrastructure/Utilities/Shipping • 58% of revenues fall between $20M and $1B USD • 13% below and 27% above • 50% of IT budgets fall between $5M and $50M USD • 17% below and 32% above • Average IT budget increase, between 10% and 25% • No decreases identified
  • 6. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING6 © 2019 Enterprise Management Associates, Inc. Ratio of company dollars spent on managed security services compared to total spend on security 2% 10% 16% 22% 37% 11% 2% 33% Greater than 90% Greater than 75% but not more than 90% Greater than 50% but not more than 75% Greater than 25% but not more than 50% Up to 25% We have none, but we are investigating We have none, and are not interested in investigating Average MSSP budget consumption
  • 7. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Security Initiatives
  • 8. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING8 © 2019 Enterprise Management Associates, Inc. Top five expanding security initiatives driving current priorities in the overall security program 65% 62% 60% 60% 59% Improving security monitoring of cloud environments Improving endpoint protection capabilities Improving security analytics capabilities Improving security visibility and context within the environment ITOps and DevOps integrations
  • 9. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Cloud in Security
  • 10. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING10 © 2019 Enterprise Management Associates, Inc. Security’s role in public cloud initiatives Leading roll in all, 58% Contributing role in all, 32% Leading role in some, 4% Contributing role in some, 6%
  • 11. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING11 © 2019 Enterprise Management Associates, Inc. Organizations currently using cloud to support SecOps and/or ITOps workloads or functions 98% 2% Yes No
  • 12. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING12 © 2019 Enterprise Management Associates, Inc. Many cloud consumers [errantly] believe the cloud providers are responsible for security 53% 21% 15% All or majority provider-owned Shared equally All or majority customer-owned
  • 13. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING13 © 2019 Enterprise Management Associates, Inc. Top three security challenges in public cloud 1. Security visibility within the cloud infrastructure due to provider limitations 2. Inability to meet compliance needs 3. Security visibility within the cloud infrastructure due to architectural limitations
  • 14. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING MSSP Adoption and Success
  • 15. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING15 © 2019 Enterprise Management Associates, Inc. Top three drivers for engaging an MSSP 55% 50% 38% MSSP does it better regardless of in-house skills or cost MSSP provides lower TCO than in-house MSSP delivers better ROI/Value
  • 16. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING16 © 2019 Enterprise Management Associates, Inc. Top three reasons why customers engage MSSP services over using internal SecOps 22% 21% 16% Reduce CapEx or OpEx Focus on increased innovation within IT Reduced downtime
  • 17. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING17 © 2019 Enterprise Management Associates, Inc. MSSP success levels vs. internal teams 51% 44% 4% 0% 0% 42% 52% 5% 0% 0% Successful Somewhat successful Neither successful nor unsuccessful Somewhat unsuccessful Unsuccessful MSSP Internal
  • 18. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Internal SecOps
  • 19. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING19 © 2019 Enterprise Management Associates, Inc. Alert Fatigue 227 224 Average # of total alerts Average # of critical alerts
  • 20. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING20 © 2019 Enterprise Management Associates, Inc. Inter-team handoff frustrations(cont’d) 68% 60% 42% 32% 32% 27% Inability to share data Inability to collect source data Inadequate storage to maintain data Internal politics Conflicts over data ownership Poor processes 76% of teams suffer from handoff frustrations
  • 21. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING21 © 2019 Enterprise Management Associates, Inc. Too many security consoles 65% 34% 1% 1% Actively trying to consolidate tools wherever possible Consolidating tools where possible when renewals come due Not activelytrying to consolidate Don't know 10% 22% Average # of security interfaces in enterprises (5K and greater employees) Largest numbers of interfaces (Commonly reported)
  • 22. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING22 © 2019 Enterprise Management Associates, Inc. Monitoring features providing the most value to SecOps 50% 44% 42% 37% 32% Automated event correlation and enrichment of security alerts Enhanced alert/alarm management Automated notifications/escalations Automated change management Automated trouble ticket generation and data gathering for analysis
  • 23. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Analytics
  • 24. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING24 © 2019 Enterprise Management Associates, Inc. Top three use cases for security analytics 55% 46% 41% Security process automation Predictive security analytics Security simulation
  • 25. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING25 © 2019 Enterprise Management Associates, Inc. Top three operational impediments for security analytics 47% 41% 36% Security data for analysis is straining storage capacity Internal skills or knowledge gaps Process and political issues in sharing data effectively among relevant stakeholders
  • 26. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING IoT Initiatives and Threats
  • 27. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING27 © 2019 Enterprise Management Associates, Inc. Organizations working on IoT initiatives 66% 18% 16% Yes No, and none planned No, but we are in the planning phase
  • 28. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING28 © 2019 Enterprise Management Associates, Inc. Perceived threat levels imposed by managed and unmanaged IoT devices in the environment 75% 10% 12% 2% 61% 24% 10% 5% High Moderate Low None Managed Unmanaged
  • 29. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING29 © 2019 Enterprise Management Associates, Inc. Attacks by IoT devices 27% 22% 20% 6% 25% My organization was attacked using an external IoT device My organization was attacked using an internal IoT device An internal IoT device was detected as part of an external attack An internal IoT device was detected as part of an internal attack None of the above
  • 30. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Endpoint Security
  • 31. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING31 © 2019 Enterprise Management Associates, Inc. Infection rates by malware class 38% 37% 31% 15% 27% ATA APT Ransomware Other destructive malware None that I am aware of
  • 32. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING32 © 2019 Enterprise Management Associates, Inc. Endpoint incidents that bypassed endpoint security, causing severe damage 77% 65% 39% 19% ATA APT Ransomware Other destructive malware
  • 33. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING33 © 2019 Enterprise Management Associates, Inc. Endpoint attacks bypassing current endpoint solutions that required six or more hours to resolve 48% 52% 26% 16% ATA APT Ransomware Other destructive malware
  • 34. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING Other Trends
  • 35. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING35 © 2019 Enterprise Management Associates, Inc. Frequency of sensitive data leakage from sharing and collaboration 27% 19% 24% 21% 8% Very often Often Sometimes Rarely I am not aware of any data leakage
  • 36. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING36 © 2019 Enterprise Management Associates, Inc. DDoS attacks on organizations 29% 24% 25% 22% Yes, we experienced an attack in the past 6 months Yes, we experienced an attack in the past 12 months Yes, but not in the last 12 months No, we have never experienced a DDoS
  • 37. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING37 © 2019 Enterprise Management Associates, Inc. Risk of damage from a DDoS now compared to one year ago 62% 22% 16% Increasing Neither increasing nor decreasing Significantly decreasing
  • 38. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING38 © 2019 Enterprise Management Associates, Inc. Perspectives on AI, ML, and Deep Learning 36% 49% 11% 4% AI has become a buzzword. I do not believe AI is commercially available. I believe AI is distinguishable from ML and DL and is offered in some solutions. I believe AI is distinguishable from ML and DL and is offered in numerous solutions. I have no real idea or means of making that distinction.
  • 39. IT & DATA MANAGEMENT RESEARCH, INDUSTRY ANALYSIS & CONSULTING39 © 2019 Enterprise Management Associates, Inc. Questions Get the report: http://bit.ly/2H7LSQX
  • We Need Your Support
    Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

    Thanks to everyone for your continued support.

    No, Thanks
    SAVE OUR EARTH

    We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

    More details...

    Sign Now!

    We are very appreciated for your Prompt Action!

    x