Documente Academic
Documente Profesional
Documente Cultură
Research Sponsors
Platinum
Gold
Silver
Research Current Perceptions
Cover Sheet Table of Contents Introduction
Highlights Security Posture and Concerns
Attack Surface Survey Research About CyberEdge
Future Plans The Road Ahead
Reduction Demographics Methodology Group
Table of Contents
Introduction................................................................................................................................ 3
Research Highlights................................................................................................................... 5
Section 1: Current Security Posture......................................................................................... 6
IT Security Budget Allocation.............................................................................................................. 6
Past Frequency of Successful Cyberattacks.................................................................................. 7
Future Likelihood of Successful Cyberattacks.............................................................................. 8
Security Posture by IT Domain............................................................................................................ 9
Network Security Technology Deployment Status................................................................... 10
Inspection Capabilities for SSL-encrypted Traffic......................................................................12
Backup Practices for Mobile Users Laptops.................................................................................13
Endpoint and Mobile Security Deployment Status.....................................................................14
Application and Data Security Technology Deployment Status...........................................17
Monitoring Capabilities for Privileged Users.................................................................................18
Section 2: Perceptions and Concerns....................................................................................19
Types of Cyberthreats...........................................................................................................................19
Mobile Devices (Still) in the Crosshairs......................................................................................... 20
Threat Intelligence Practices..............................................................................................................2 1
Security Information and Event Management Practices.........................................................22
Cloud Access Security Broker Practices........................................................................................23
Barriers to Establishing Effective Defenses..................................................................................24
Section 3: Attack Surface Reduction....................................................................................26
Technologies for Attack Surface Reduction................................................................................26
Frequency of Network Vulnerability Scans..................................................................................27
Host Remediation Strategies..............................................................................................................28
Section 4: Future Plans...........................................................................................................29
IT Security Budget Change.................................................................................................................29
Backpedaling on BYOD?..................................................................................................................... 30
Endpoint Protection Revolution........................................................................................................3 1
The Road Ahead....................................................................................................................... 32
Appendix 1: Survey Demographics........................................................................................34
Appendix 2: Research Methodology.....................................................................................36
Appendix 3: About CyberEdge Group................................................................................................36
Introduction
Introduction
Our journey into the depths of cyberthreat defens- v Eliminating all unnecessary protocols and ser-
es begins, therefore, with an assessment of respon- vices running on endpoints, servers, and other
dents perception of the effectiveness of their or- internal systems
ganizations investments and strategies relative to v Leveraging identity and access management
the prevailing threat landscape. We also provide solutions to implement a least-privileges policy
insight into the high-level definition of these strat-
egies based on the types of technological counter- This section of the report examines a few other
measures they incorporate. relevant tools and tactics that can also be applied
in this regard, including network access control
Section 2: Perceptions and Concerns (NAC) and file integrity monitoring (FIM) technol-
ogies, full-network scans for vulnerable systems,
Our exploration of cyberthreat defenses then shifts
and strategies for remediating malware-infected
from establishing baseline security postures to de-
devices.
termining the types and sources of cyberthreats that
concern todays organizations the most. Like the per-
ceived weaknesses identified in the previous section, Section 4: Future Plans
these concerns serve as an important indicator of
where and how it best makes sense for organizations Organizations can ill afford to stand still when it
to improve their cyberthreat defenses going forward. comes to maintaining effective cyberthreat de-
fenses. IT security teams must keep pace with the
This section of the report also investigates the rea- changes around them by making changes of their
sons for obtaining third-party threat intelligence, own. Some of their intentions will be revealed in Sec-
operating SIEM solutions, and investing in cloud ac- tion 2, where we cover the network, endpoint, mo-
cess security brokers (CASB) along with the fac- bile, and application security technologies planned
tors that most often inhibit todays organizations for acquisition in 2016. This section further explores
from establishing adequate cyberthreat defenses. their plans for the future.
Research Highlights
Section 1: Current Security Posture v Mobile threats on the rise. 65% of respondents
experienced an increase in mobile threats over
v Security takes a bigger bite. 85% of respon- the past year (page 20).
dents are spending more than 5% of their IT
budgets on security. Nearly a third are spending v Leveraging CASBs to protect sensitive data.
more than 16% (page 6). Preventing disclosure of sensitive data is the
leading reason why organizations are deploying
v Rising attacks, dwindling optimism. 76% were CASBs (page 23).
affected by a successful cyberattack in 2015,
while only 62% expect to fall victim again in 2016 v Employees are still to blame. Low security
(page 7). awareness among employees continues to be
v Mobile devices are the weakest link. For the third the greatest inhibitor to defending against cy-
consecutive year, mobile devices are perceived as berthreats, followed closely by too much data
IT securitys weakest link, closely followed by social for IT security teams to analyze (page 24).
media applications (page 9).
v Must-have network security investments. Section 3: Attack Surface Reduction
Next-generation firewalls are the top-ranked
network security technology planned for acquisi- v NAC extends its reign. NAC remains the top
tion in 2016, followed by threat intelligence services technology for reducing a networks attack surface
and user behavior analytics (page 10). (page 26).
v Massive exposure to SSL blind spots. Only a
third of respondents have the tools necessary to v Ignorance is bliss. Less than 45% of organiza-
inspect SSL-encrypted traffic for cyberthreats tions conduct full-network active vulnerability
(page 12). scans more than once per quarter (page 27).
v Critical laptop backup negligence. Only one in v Working harder not smarter. Nearly a third
five regularly backs up more than 80% of mobile continue to rely on manual efforts to remediate
users laptops (page 13). malware-infected hosts (page 28).
v Threats keeping us up at night. Malware, phish- v Fed up with inadequate endpoint defenses.
ing, and SSL-encrypted threats give IT security 86% are looking to replace or augment current
the most headaches (page 19). endpoint protection tools (page 31).
16-20%
18.5% Health Care 30.0%
13.9%
29.1% Government 28.6%
11-15% 19.7%
Retail 28.1%
26.7%
6-10%
28.9% Education 27.3%
12.7%
2-5% 21.2% Finance 24.1%
2.3%
1-2% Manufacturing 20.2%
9.2%
Figure 1: Percentage of IT budget allocated to security. Figure 2: Percentage spending 16% or more on security.
Section
Japan 1: Current Security Posture
74.6%
Mexico 74.4%
Singapore 72.9%
Past
United Frequency
Kingdom of Successful Cyberattacks
71.1%
Australia 63.2%
How many times do you estimate that your organizations global network has been compro-
mised by a successful cyberattack within the past 12 months? (n=943)
Figure 3: Frequency of successful attacks in the past Figure 4: Percentage compromised by at least one suc-
12 months. cessful attack in the past 12 months.
24.4%
11.6%
Figure 5: Likelihood of being successfully attacked in the Figure 6: Percentage indicating compromise is more likely
Not likely 23.7%
next 12 months. to occur than not in the next 12 months.
29.2%
26.4%
When asked about the likelihood that their organiza- Somewhat
24.4%
tions network would be compromised in the coming unlikely
...there are signs that pessimism32.7%
year, respondents were, for the third year in a row,
more optimistic than would seem warranted. Despite or perhaps its realism is increasing
46.0%
more than three-quarters indicating their organiza- Somewhat among respondents... 37.9%
likely
tions computing environment had been compro- 29.6%
mised within the past year (see Figure 3), only 62%
Further reinforcing this point is the finding that only
considered it somewhat likely or very likely that 16.1%
11.6% Very
of respondents consider it not likely that
it would happen again over the next 12 months (see 14.0%
their likely
organizations will be breached in 2016, com-
Figure 5).
pared to nearly one quarter who expressed8.5% that
same expectation for 2015.
That said, there are signs that pessimism or per-
haps its realism is increasing among respondents, Not surprisingly, the breakdown by country of re-
at least in relative terms. To begin with, the differ- spondents who consider it more likely than not
ential in the two statistics from above reflect- that their organizations will be compromised in the
ing the prior years actual occurrence of breaches coming year (see Figure 6) tracks closely with the
compared to the next years expected occurrence data on successful breaches experienced over the
of breaches has steadily decreased in each of the past 12 months (see Figure 4). Japan, Canada, Ger-
past three years, from a high of 23.0% to the cur- many, and the United States remain near the top
rent low of 13.5%. In other words, the degree of op- of each chart, while France claims the coveted last
timism is shrinking. (and most secure) spot in both cases.
On a scale of 1 to 5, with 5 being highest, rate your organizations overall security posture (abil-
ity to defend cyberthreats) in each of the following areas: (n=990)
Participants were requested to designate a deploy- In last years report we expressed our surprise that
ment status currently in use, planned for acquisi- both web application firewalls and advanced mal-
tion within 12 months, or no plans for a specified ware analysis had relatively low adoption rates
list of network security technologies. (Endpoint
just over 50% for each at the time. Well, it now ap-
and mobile security technologies are addressed in
a subsequent section.) pears that at least a few IT security decision makers
agreed with our point that these seem like particu-
Table 1 provides a visual and numerical representa-
larly worthwhile technologies to have, especially to
tion of the responses. Percentages in darker shades
correspond to higher frequency of adoption and/or counteract the increasing prevalence of targeted
acquisition plans. Percentages in lighter shades cor- application-layer attacks and rising volume of ad-
respond to lower adoption and/or acquisition plans. vanced persistent threats (APTs).
v Despite its declining rate of use, network anti- v With multiple flavors of analysis/analytics
virus remains atop the heap as the most fre- technologies (i.e., security, network, and user
quently deployed network security technology behavior) and SIEM rounding out the leader
in our list (at least for now). board for adoption in the coming year, its clear
that bolstering capabilities for monitoring and
v A healthy 10-point increase in its deployment
analyzing network traffic for the presence of
frequency vaulted data loss prevention (DLP)
cyberthreats remains a high priority for many
to be among the leading technologies, from its
organizations.
former position near the bottom of the list.
v Next-generation firewall (NGFW) is the top-rated Our closing observation for this table is a favor-
network security technology planned for acqui-
able one for most security solution providers: for
sition in 2016.
all but IDS/IPS, there was a decrease in the per-
v Threat intelligence services continue to exhibit centage of companies that indicated no plans to
a promising trajectory, with 38% of respondents acquire each of the listed technologies within the
signaling intent to acquire such a solution in 2016. next 12 months.
Inspection
Education Capabilities for 85.7%
SSL-encrypted Traffic
Manufacturing 83.8%
Describe your agreement with the following statement: My organization has the necessary
Health Care 82.5%
tools to inspect SSL-encrypted traffic for cyberthreats. (n=994)
Government 82.5%
2016 2015
Strongly 0.6%
Finance 88.6%
disagree 4.3%
Figure 8: Availability of tools for inspecting SSL-encrypt- Figure 9: Percentage agreeing somewhat or strongly.
Strongly 0.6%
ed network traffic. disagree 4.3%
Somewhat 3.8%
At first glance, the glass appears to be consider- disagree 8.4%
Finance 24.4%
Government 22.6%
Education 17.9%
What percentage
Retail of laptops used
16.9% by your mobile workforce are backed up regularly (daily or
Figure 10: Percentage of mobile users laptops backed up Figure 11: Percentage backing up 80% or more of mobile
regularly. users laptops.
On a global basis, only one in five respondents re- Given the number of easy-to-use, feature-rich, and
ported their organization regularly backs up more relatively affordable solutions available in the market,
than 80% of mobile users laptops. More than a it is somewhat inexplicable to us that laptop backup
third back up less than 40% of these highly ex- practices are currently so lackluster and we hope to
posed devices. see this change when we ask again next year!
25.2%
Table 4: Application and data security technologies in use and planned for acquisition.
Strongly disagree
Somewhat disagree
12.2%
29.5%
5.2% 1.0% Strongly agree
Somewhat agree
52.1%
Figure 12: Adequacy of privileged user
monitoring.
Participants were asked to indicate whether they be- user from within your ranks whom you need to worry
lieve their organization has invested adequately in about, but also any threat actor who manages to ob-
technology to monitor activities of users with elevat- tain credentials to one or more privileged accounts.
ed or privileged access rights (i.e., privileged users). So is it really a good thing that over half of our re-
At the same time that only three out of 10 respon- spondents (52.1%) only somewhat agree their orga-
dents are confident regarding their organizations nization has made adequate investments for monitor-
ability to monitor privileged users, its encouraging to ing privileged users? Suffice it to say, in our opinion,
see that only 6.2% feel their organization is negligent theres still plenty of room for improvement.
in this critically important area (see Figure 12). But
therein lies the rub, too. This is a critical area, period. And lets be clear, too, about another elephant in
the room. Privileged users/accounts are not the
With privileged accounts, were quite literally talking only ones that represent a significant risk to to-
about having access to the keys to the kingdom: the days organizations. According to the 2015 Verizon
ability to take down application servers and networks, Data Breach Investigations Report, more than half
gain access to reams of sensitive data, or surrepti- (50.7%) of the web application attacks in 2014 in-
tiously plant malcode on any device in the comput- volved the use of stolen credentials (i.e., compro-
ing environment. And its not just a rogue privileged mised user accounts). And although the result is
typically some sort of fraudulent activity (such as
unauthorized purchase of goods) as opposed to
...only three out of 10 respondents are the catastrophic takedown of ones network, the
losses incurred are still very real. As a result, its not
confident regarding their organizations just protection and monitoring of privileged users/
ability to monitor privileged users. accounts that IT security teams need to be con-
cerned with, but ultimately all users/accounts.
Types of Cyberthreats
On a scale of 1 to 5, with 5 being highest, rate your overall concern for each of the following
types of cyberthreats targeting your organization. (n=986)
2016 2015
Significant 1.7% Finance 81.7%
decrease 1.6%
Telecom & Technology 69.2%
Modest 3.0%
decrease 4.0% Retail 67.2%
30.4%
No change
35.1%
Manufacturing 62.7%
Figure 14: Change in volume of threats to mobile devices. Figure 15: Percentage perceiving an increased volume of
mobile threats.
2016 2015
Improve 65.9%
blocking threats 66.9%
Improve 46.4%
detecting threats 60.9%
Improve 39.0%
investigating threats 41.8%
For the second year in a row, supplemental (i.e., vices is to enhance an organizations ability to
third-party) threat intelligence services is one of block threats (65.9%). The next highest-ranking
the hottest areas in which organizations are invest- options improving threat detection capabilities
ing to bolster their cyberthreat defenses (see Table (46.4%) and improving threat investigation capa-
1). But how are IT security teams actually using this bilities (39.0%) both trail blocking by a consider-
valuable resource which can include everything able margin. Even further behind are the less-de-
from ordinary threat indicators (e.g., file hashes fense-oriented uses of keeping unwanted traffic
and reputation data) and threat data feeds (e.g., off the network (29.8%) and better enforcing cor-
malware analysis and trend data) to strategic in- porate policies (22.4%) (see Figure 16).
telligence (e.g., detailed information on adversar-
ies and their motivations, intentions, tactics, tech- These findings suggest that most organizations
niques, and procedures)? are still investing primarily in services that deliver
ordinary threat indicators and remain focused on
The answer, once again this year, is that the pre-
tactical value. As the intelligence-related practices
dominant use case for threat intelligence ser-
of IT security teams mature, however, we expect
to see increasing interest in richer sources of in-
formation to support strategic use cases (such as
...threat intelligence services is one informing an organizations longer-term security
of the hottest areas in which strategy and investment plans).
organizations are investing to bolster
Returning to the data, there were no notable differ-
their cyberthreat defenses. ences in the findings based on geography, vertical
industry, or size of company.
Our next query was intended to ascertain the spe- ly low rate of use for maintaining regulatory com-
cific ways that organizations are extracting value pliance (26.1%). We would have expected this use
from their investments in SIEM solutions. As nearly case to have ranked more highly, given the ability
nine out of 10 responding organizations are lever- of SIEM solutions to consolidate log/event data
aging (52.2%), or planning to acquire (35.5%), SIEM and produce countless reports, many of which are
solutions (as depicted in Table 1 earlier in this re- tailored to specific compliance regimes.
port), its interesting to note that SIEM technology
benefits IT organizations in so many ways. Less surprising was the lukewarm reception to au-
tomating incident response (42.6%). In general,
Improving threat detection (70.1%) was, by far, the among organizations of all types and sizes, we con-
predominant use case cited by respondents (see tinue to see an aversion to any sort of security au-
Figure 17). A bit surprising to us was the relative- tomation that could result in needless disruption of
users and essential business practices (e.g., being
quarantined/blocked when they shouldnt be).
Improving threat detection (70.1%)
was, by far, the predominant Just as with our similar question pertaining to threat
intelligence services, there were no notable differ-
use case cited by respondents. ences in the findings based on geography, vertical
industry, or size of company.
To granularly control access to cloud apps For just over six out of 10 respondents, the primary
33.3% objective of a CASB is to prevent the disclosure of
sensitive data (see Figure 18). Progressively less im-
To maintain regulatory compliance portant are the need to discover use of unsanctioned
26.5% applications (48.7%), the need to detect advanced
threats plaguing ones cloud services (44.0%), and
granularly controlling which users have access to
Figure 18: How cloud access security brokers are being
leveraged.
which cloud services (33.3%). Bringing up the rear,
just as with our similar question pertaining to SIEM
solutions, is the scenario of using a CASB to help
maintain regulatory compliance (26.5%).
In the fast-paced world of cloud applications and
SaaS, organizations are regularly facing security Most intriguing to us among these findings is the
challenges such as applications they dont manage, relatively low incidence of using CASBs to granu-
mobile devices they dont control, and users who larly control user access to cloud services. We see
dont think twice about sharing files among anyone this as signaling a liberalization of security policies
with the link. If the volume of acquisitions and major as enterprises enter the cloud era or at least in-
partnership deals from this past year is any indica- creased recognition that restricting users and be-
tion, then the answer to all of these issues (and pre- ing known for always saying no are less important
sumably many more) is CASBs. Analogous in many than finding/stopping threats and preventing un-
ways to their more familiar cousin, the secure web authorized migrations of sensitive data.
gateway, these Swiss Army knives of cloud appli-
cation and data protection have rapidly become an A final observation is that, unlike responses to the
essential security platform for organizations using previous two questions, there is a bit more varia-
cloud services which means just about everyone. tion for different geographies and vertical indus-
tries. For example, in a few instances, discovering
Again, though, just because a solution can do a doz- unsanctioned applications (France, Germany) or
en or so things to help with an organizations cy- detecting advanced threats (Brazil) were cited as
berthreat defenses doesnt mean every IT security the top use case. Similarly, in a few others (United
team is actually using all of the related capabilities. States, Mexico, education, and organizations with
So how are CASBs being used, at least at this early more than 10,000 employees), detecting advanced
point in their evolution, adoption, and implementa- threats jumped into second position, ahead of dis-
tion by todays enterprises? covering usage of unsanctioned applications.
3.48
Low security awareness
3.22
among employees
3.17
3.43
Too much data to analyze 3.10
2.98
3.42
Lack of skilled personnel 3.05
2.92
3.41
Lack of budget 3.10
3.15
3.40
Lack of management support /
3.01
awareness
2.93
3.38
Lack of contextual information 2.89
from security tools
n/a
Once again, users are the Achilles heel for most As for the biggest mover year-over-year, lack of
security programs, as low security awareness effective solutions in the market holds that dubi-
among employees tops the chart for the third ous honor, jumping more than half a rating point to
consecutive year. The next three inhibitors also re- climb out of its former position as the lowest-rated
tain positions in the top four for yet another year, inhibitor (now held by too many false positives).
2016 2015
47.4%
Penetration testing
48.3%
2016 2015
5.3%
Daily
4.2%
12.7%
Weekly
10.8%
25.9%
Monthly
23.4%
29.9%
Quarterly
29.2%
16.6%
Semi-annually
18.8%
9.6%
Annually
13.6%
2016 2015
13.6%
Wipe and re-image
the hard disk
24.8%
53.6%
Remotely execute
a remediation package
41.1%
32.8%
Manually remove malware
and restore configuration settings
34.2%
Also noteworthy is respondents relatively low af- These findings were fairly consistent across dif-
finity for the practice of wiping and re-imaging a ferent demographic cuts, with one notable ex-
hosts hard disk to remediate a malware infection. ception: adoption of remote remediation prac-
Presumably, IT security teams are not finding this tices lags in both the government (39.3%) and
approach effective (perhaps for preventing re-in- education (41.8%) verticals, where manual remedi-
fections). Also, they may not be adequately set ation efforts continue to have a stronger presence.
SectionTelecom
4: Future Plans
Telecom & Technology
& Technology 81.8% 81.8%
Manufacturing Manufacturing 77.3% 77.3%
Finance Finance 77.0% 77.0%
IT Security Budget
Health Care Health CareChange
76.7% 76.7%
Retail Retail 71.4% 71.4%
ecom & Technology Government 81.8%
Government 61.3% 61.3%
Do you expect your employers overall IT security budget to increase or decrease in 2016?
nufacturing 77.3%
Education 58.2% 58.2%
(n=982) Education
ance 77.0%
alth Care 76.7%
48% 48% 62% 74% Telecom
74% & Technology 81.8%
tail 71.4% 62%
vernment 61.3% Manufacturing 77.3%
ucation 2014 20142015
58.2% 20152016 2016
Finance 77.0%
Health Care 76.7%
62% 74%
Retail 71.4%
Figure 23: Percentage indicating security budget is grow- Figure 24: Percentage indicating security budget is grow-
ing.
48%
ing, by industry.
62% 74%
Backpedaling on BYOD?
When, if ever, do you expect your organization to implement a bring-your-own-device (BYOD) policy
to allow employee-owned devices to access confidential network data and/or applications? (n=977)
15.6%
Within the next 1-2 years 15.8%
19.8%
37.6%
Within the next year 28.7%
26.1%
26.3%
Already implemented 30.5%
31.2%
Two years ago, when we first asked about imple- sistent with accumulating anecdotal evidence, and
menting BYOD policies, the results were positively aligns with our earlier finding that most organiza-
bullish. Nearly a third of respondent organizations tions continue to employ a hodgepodge of technol-
had already done so and another quarter were plan- ogies for mobile device protection (see Table 3).
ning to formally embrace BYOD in the following year.
Other notable findings:
Last year yielded almost identical response rates,
suggesting that BYOD adoption plans had encoun- v Despite apparent difficulties in getting BYOD pro-
tered a hiccup (since the percentage having already grams off the ground in the past, more than half
implemented BYOD policies hadnt increased). of our respondents (53.2%) expect their organiza-
tion to do just that within the next two years.
Now, in our third year of asking this question, the
data definitively indicates a retreat in BYOD imple- v BYOD is decidedly unpopular among the gov-
mentations, down to 26.3% from 30.5% a year ago ernment crowd, with more than four in 10 re-
(see Figure 25). We can only guess at the reason for spondents indicating their organization has no
this backpedaling, but assume it has something to plans to adopt the practice.
do with discovering that BYOD programs are harder
to establish, manage, secure, and sell to users than
v In comparison, more than three-quarters of tele-
com/technology respondents expect their orga-
many organizations first thought. This theory is con-
nization to have a BYOD policy in place within
the next year.
v Larger organizations (>25,000 employees) have,
Now, in our third year of asking this at least thus far, been more aggressive than
question, the data definitively indicates their typically more nimble, smaller counter-
a retreat in BYOD implementations... parts (<500 employees), with BYOD adoption
rates of 37.9% and 25.2%, respectively.
13.9%
No plans 32.7%
to change
44.5%
42.2%
Evaluating 33.1%
to replace
21.7%
43.9%
Evaluating
34.2%
to augment
33.8%
Lets face it, the decreasing optimism expressed by v Adoption rates for key practices and technolo-
our survey respondents with 62.1% now expect- gies aimed at reducing a networks attack sur-
ing their organization will fall victim to a successful face such as penetration testing, file integrity
cyberattack in the coming year, compared to only monitoring, and conducting full-network vulner-
51.9% two years ago is not particularly surprising. ability scans more often than quarterly remain
fairly modest (see Figures 20 and 21).
To begin with, this finding tracks with the related
trend shown by the increasing number of organiza- v Nearly nine out of 10 respondents recognize that
tions that experienced at least one successful cyber- the anti-malware solution they are currently using
attack in the preceding 12 months (75.6% in 2015, up to defend their endpoints is not providing ade-
from 61.9% two years earlier). Then theres the harsh quate protection (see Figure 26).
reality that the industrialization of hacking makes it
All is not lost, though. On the positive side of the
substantially easier for attackers to succeed, while
ledger, anecdotal evidence indicates that cyberse-
an ever-growing attack surface makes it consider-
curity is now a board-level topic/concern for more
ably harder for IT security teams to counteract them.
organizations than at any time in the past. The fact
that security budgets are both healthy and growing
As this years survey results indicate, theres also is also an encouraging sign (see Figures 1 and 23).
the issue that many organizations still have plenty Having additional funding at their disposal should
of room to improve even in areas that would typi- enable enterprise security teams not only to fill
cally be considered core defenses. For example: known gaps in their organizations defenses, but
also to start getting ahead in the game.
v Along with social media applications, endpoint
computing devices of all types but especially Looking beyond the scope of this years survey,
mobile ones such as smartphones and tablets here are some key areas where we believe addi-
are recognized as relative weak spots in most tional/proactive attention and investments have
organizations defenses (see Figure 7). the potential to significantly enhance an organiza-
tions ability to defend against current and future
v Although they are among the leading solutions generations of cyberthreats.
planned for acquisition in the coming year, many
next-generation technologies most likely to be Cloud access security brokers. With nearly a doz-
effective against advanced malware and target- en significant acquisitions and partnerships in 2015
ed attacks such as security and user behavior alone including Blue Coat Systems (acquired Elas-
analytics, network behavior analysis, and cyber- tica and Perspecsys), Microsoft (acquired Adallom),
threat intelligence services show fairly modest Palo Alto Networks (acquired CirroSecure), Check
adoption rates (see Table 1). Point (partnered with FireLayers), Cisco (partnered
with Elastica), HP (partnered with Adallom) and For-
v More than half of todays security teams only cepoint (formerly Raytheon/Websense; partnered
somewhat agree that their organization has with Imperva) CASBs are undeniably one of the
the tools needed to inspect SSL-encrypted traf- hottest segments of the InfoSec market. And with
fic for cyberthreats and exfiltration of sensitive good reason. To begin with, just about every or-
data (see Figure 8). ganization on the planet needs one (or soon will).
v Only one in five organizations regularly backs Adoption of cloud applications and infrastructure
up at least 80% of their mobile users laptops (i.e., SaaS and IaaS solutions) both sanctioned and
(see Figure 10). not continues to accelerate, trailing behind it the
need to secure these services in a scalable way that
v Only a third of IT security professionals are con- transcends the highly inconsistent native features
fident that their organization is doing enough and functions of the cloud services themselves. Then
to monitor privileged user accounts for signs of theres the fact that leading solutions can do it all
misuse and/or compromise (see Figure 12). providing everything from visibility into Shadow IT
and cloud service usage to comprehensive access mind that employees (or more generally, users) have
control, data security, threat protection, and even been identified as the weakest link in organizations
compliance support. The net result is a win-win sce- ability to establish effective cyberthreat defenses
nario that we expect will lead CASBs to achieve en- for three consecutive years now (see Figure 19). So
terprise adoption rates on par with antivirus and fire- isnt it about time to do something more to mitigate
wall technologies within the next two to three years. against users as threats? Robust identity and access
And, if you want to get ahead of the curve, we also management policies, practices, and controls (e.g.,
see a similar scenario playing out for social media to really and truly implement a least-privileges secu-
application security brokers or whatever (hope- rity model) should be a big part of the plan. But were
fully better) name the market eventually settles on. thinking beyond that. After all, more data breaches
result from credential theft and threat actors mas-
Advanced web application protection. Theres a new querading as authorized users than from any other
wrinkle or at least sub-classification in the land- cause. In particular, we see user behavior analytics
scape of threats targeting web applications. Defined emerging as another technology that modern or-
in detail by the Open Web Application Security Proj- ganizations can use to get a better handle on the
ect (OWASP) in its recent handbook1 on the topic, au- user side of the security equation. Greater effort and
tomated threats have now been formally recognized investment in user awareness training also wouldnt
as the latest/greatest scourge plaguing the web ap- hurt. But were not holding our breath on that one.
plications upon which todays businesses have come
to rely. Characterized by the ease with which they Cyberthreat hunting. The 2015 Cyberthreat Defense
can be replicated/reused and their focus on abuse of Report explained that cyberthreat intelligence ser-
application functionality (rather than ordinary vulner- vices were evolving from delivering basic indicators
abilities), these threats which include account ag- (e.g., file hashes and reputation data) and threat
gregation, ad fraud, credential stuffing, card cracking, feeds to richer data about threat actors in general,
and site scraping (just to name a few) are not only as well as a given organizations most likely set of
pervasive but also inherently difficult for traditional adversaries. But so what? Richer data is completely
countermeasures to detect. As a result, defending worthless if no ones actually doing anything with it.
against them will require a corresponding wrinkle in That is pretty much what appears to be happening,
organizations security strategies. Specifically, just as at least at this point, as most organizations indicate
it has become best practice to bolster the effective- they are using cyberthreat intelligence services pri-
ness of ordinary firewalls and IDS/IPSs with integrat- marily to enhance the effectiveness of their threat
ed threat intelligence services, so too is it now making blocking infrastructure (see Figure 16). To take
good sense to do the same thing for web application greater advantage of the richer data available from
firewalls. One difference with this latter case, howev- leading cyberthreat intelligence services, IT security
er, is the need for the provisioned services to extend teams should establish a formal cyberthreat hunt-
beyond ordinary reputation and indicator of compro- ing program and explicitly task some subset of their
mise (IOC) data to deliver extensive bot-, device-, security architects with next-generation defense
and credential-focused intelligence. planning. The former is all about having a well-de-
fined process for leveraging intelligence to better
User-centric security. For several years now, pro-
detect and isolate advanced threats, while the latter
tecting the ultimate target with data-centric secu-
is about applying projected threat scenarios to help
rity or the immediate conduit to data with applica-
ensure the organizations defenses will be effective
tion-centric security has been a particular emphasis
two, three, and even five years down the road.
of the security industry at large. Its not that we want
to deter anyone too much from those entirely ap- For further insights on these and other emerging ar-
propriate objectives, but we cant help make the eas pertinent to IT security, be sure to tune in for the
observation that greater attention is also warranted fourth annual Cyberthreat Defense Report, currently
for what were labeling user-centric security. Keep in scheduled for release in the first quarter of 2017.
1. https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
Mexico
%
Singapore 7.6 %
.3
12.1% 12 Germany
CyberEdge Group developed a 26-question (10- to dont know choice to minimize the potential for
15-minute) web-based survey instrument in part- respondents to answer questions outside of their
nership with its sponsoring vendors. (No vendor respective domains of expertise, which altered the
names were referenced in the survey.) The survey sample size (n) for each set of survey question
was promoted to information security profession- responses.
als across North America, Europe, Asia Pacific, and
Latin America in November 2015. All qualified survey responses were inspected for
potential survey cheaters, meaning survey takers
Non-qualified survey responses from non-IT secu- who responded to questions in a consistent pattern
rity professionals and from participants employed (e.g., all A responses, A-B-C-A-B-C responses) in an
by an organization with fewer than 500 global attempt to complete the survey quickly in hopes of
employees were discarded. Most survey questions receiving the incentive. Suspected cheater survey
(aside from demographic questions) included a responses were deleted from the pool of responses.
CyberEdge Group is an award-winning research, marketing, and publishing firm serving the needs of information
security vendors and service providers. Our highly experienced consultants have in-depth technical expertise in
dozens of IT security technologies, including:
Copyright 2016, CyberEdge Group, LLC. All rights reserved. The CyberEdge Group name and logo are trademarks of
CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property
of their respective owners.