
451 Global Digital Infrastructure Alliance Report January 2016

Information Security Trends:


Latest 451 Alliance Survey Looks at Top Security Threats
Along with a Close-up Look at SIEM Adoption
About This Report
A September survey of 910 members of the 451 Global Digital Infrastructure Alliance looked
at key information security trends and challenges, including overall security spending. The
survey also focused on Security Information and Event Management (SIEM), one of the
leading technologies going forward in terms of planned deployments.

IT Security Spending Has Momentum. A robust 45% of respondents expect their
organization's IT security spending to increase over the next 90 days, up 8 points since the
previous survey in June. Only 4% say spending will decrease.
Top Security Concerns. Hackers/Crackers with Malicious Intent (41.5%) ranks as the top
security concern among IT security professionals. Compliance Requirements (37.9%) comes
in second, followed by Industry Specific Compliance (34.3%).
Top Threats Going Forward. Hackers/Crackers with Malicious Intent (21.5%) also tops the
list of leading security threats that companies need to address going forward. Preventing/
Detecting Insider Espionage (17.9%) and Cyber-warfare (11.7%) are other top threats.
Security Information and Event Management (SIEM) Vendors. The number one SIEM
vendor is Splunk (33%), with IBM (19%) and HP (19%) tied for second. Splunk also received
the highest "very satisfied" rating (54%) from users.

Overall IT Security Spending


A robust 45% of respondents expect their organization's IT security spending to increase
over the next 90 days, up 8 points from the previous survey in June 2015. Another 4% say
spending will decrease, unchanged from the previous survey.

IT Security Spending Plans

How would you describe your organization's spending plans for
overall information security over the next 90 days?

             Previous Survey (Jun 2015)   Current Survey (Sep 2015)
Increase     37%                          45%
No Change    59%                          51%
Decrease     4%                           4%
2015 451 Research, LLC.

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
Security spending growth is greater among large and midsized organizations than
smaller ones (<250 employees).

How would you describe your organization's spending plans for overall
information security over the next 90 days?

             < 250 employees   250-1000 employees   > 1000 employees
Increase     34%               46%                  48%
Decrease     6%                4%                   4%
No Change    61%               50%                  48%

In terms of industry verticals, the spending increase is most pronounced in the healthcare
and retail industries. That is not surprising, given recent well-publicized data breaches for
companies in these industries (e.g., BlueCross BlueShield, Anthem, CVS).

Data Breaches' Effect on Security Spending

The survey took a closer look at how security spending is being affected by recent headlines
on data breaches, along with reports that government regulatory authorities will be targeting
breached companies that fail to close known vulnerabilities.

A total of 31% said this is causing an increase in their spending for security (6% Significant
Increase; 25% Slight).

How are recent headlines on data breaches, and news that government
regulatory authorities will go after companies who are breached and did
not close known vulnerabilities, affecting your security spend over the
next 90 days?
Significant Increase 6%
Slight Increase 25%
No Change 68%
Slight Decrease 1%
Significant Decrease 0%

Security Budgets vs. Overall IT Budgets

More than half (57%) of organizations include information security as part of their overall IT
budget. But such an all-encompassing budget method calls into question the security
manager's ability to accurately track their investment and conduct cost-benefit analyses.

Info Security Budget vs. Overall IT Budget

How would you broadly categorize your budgeting for
information security?

Don't have separate budget for info security, it's part of IT budget 57%
Include people and cost of tools directly attributable to info security in security budget 22%
Include both people and cost of all tools related to info security in security budget 17%
Include only people resources in info security budget 3%
Other 2%

According to 451 Research security analyst Daniel Kennedy, "Not being able to separate
information security as a discipline from overall information technology can create a conflict of
interest between the overall goals of IT versus those of security."

We note that the survey shows 39% of respondents saying their company has a dedicated
information security budget, with 17% containing everything security related and 22%
containing resources directly attributed to security.

Top Security Concerns and Challenges


Respondents were asked about their top information security concerns over the past 90 days,
and 42% said it was Hackers/Crackers with Malicious Intent. Also ranking high on the list:
Compliance Requirements (38%) and Industry Specific Compliance (34%).

Top Info Security Concerns - Last 90 Days


What have been your top information security
concerns over the last 90 days?
Hackers/Crackers with Malicious Intent 42%
Compliance Requirements (Due Care) 38%
Industry Specific Compliance 34%
Internal Audit Deficiencies Based on Findings 31%
Government Regulatory/Legal Compliance 28%
Comply with Customer/Client Requirements 26%
Preventing/Detecting Insider Espionage 18%
Cyber-warfare 17%
Comply with Partner/Supplier Requirements 16%
Performance Degradation Due to Compliance 11%
Risk of Lawsuit Due to Poor Security Controls 10%
Other 4%


Looking ahead, Hackers/Crackers with Malicious Intent (22%) remains the top security threat
that respondents believe is inadequately covered by their organization and worries them
going forward. Preventing/Detecting Insider Espionage (18%) and Cyber-warfare (12%) are
additional key worries.
Top Security Threats Going Forward
Which information security threat do you think is inadequately
covered today by your organization that worries you most going
forward?
Hackers/Crackers with Malicious Intent 22%
Preventing/Detecting Insider Espionage 18%
Cyber-warfare 12%
Internal Audit Deficiencies Based on Findings 7%
Industry Specific Compliance 7%
Compliance Requirements 6%
Comply with Customer/Client Requirements 6%
Performance Degradation Due to Compliance 6%
Risk of Lawsuit Due to Poor Security Controls 4%
Government Regulatory/Legal Compliance 3%
Comply with Partner/Supplier Requirements 3%
Other 6%


Internal IT Security Pain Points

User Behavior (14%) is the leading internal IT security pain point, followed by Organizational
Politics/Lack of Attention to Information Security (11%).

Top Internal Security Pain Points


What do you consider your top internal information security
pain point within your organization for the last 90 days?

User Behavior 14%
Politics/Lack of Attention to Security 11%
Compliance Related Requirements 9%
Staffing Information Security 8%
Malicious Software (Malware) 6%
Security Awareness Training 6%
Lack of Budget 5%
Vulnerability Management 5%
Data Loss/Theft 5%
Endpoint Security 4%
Accurate Monitoring of Security Events 4%
Application Security 4%
Mobile Device Security 3%
Cloud Security 3%
Keeping Up with New Technology 3%
Other 11%
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) solutions act as a central repository for
security events, gathering and analyzing information from a wide array of systems and using
threat intelligence to identify potential security problems. SIEM also has a reputation for
complexity, with systems historically being difficult to set up and maintain.

The previous 451 Alliance security survey in June found Security Information and Event
Management (SIEM) was the leading technology in terms of planned deployments over the
next 12 months.

Which of the following security technologies does your organization
plan to begin using over the next 90 days?

Security Information and Event Management (SIEM) 18%
Mobile Device Management (MDM) Enterprise Mobility Management 17%
Vulnerability Assessment 13%
Dynamic and/or Static Application Security Tools (DAST/SAST) 11%
Intrusion Detection/Prevention Systems (IDS/IPS) 10%
None of the Above 50%

A Closer Look at SIEM

In the current survey, better than one in two respondents (56%) say their organization already
has a SIEM solution deployed. Looking ahead, another 21% plan to deploy a SIEM solution
over the next 12 months.

SIEM solutions are more commonly used in large organizations of more than 1,000
employees (66%). Only 36% of small organizations (<250 employees) are currently using a
SIEM solution.

SIEM originated in compliance and auditing, but the survey shows SIEM has transcended its
origins. An overwhelming 92% of SIEM users say they would still have a SIEM solution in
place even if no compliance requirement existed.

Managing and Monitoring SIEM Operations and Alerts

Respondents were asked about how their company manages and monitors SIEM systems,
and the results reinforce the perception that SIEM solutions are complex.

A total of 57% of SIEM users say their company assigns multiple security professionals to
their SIEM, while only 15% manage and monitor the SIEM with a single employee. Another
14% depend on a third party to manage SIEM.

Operations Management of SIEM

How are security operations and alerts for the security
information and event management (SIEM) handled at your
organization?

Multiple security professionals manage and monitor our SIEM 57%
One security professional manages and monitors our SIEM 15%
We depend on an external vendor/managed provider for our SIEM management 14%
SIEM is primarily for forensics/incident response and is not actively monitored 12%
Other 2%

The complexity of SIEM operations means it can take months or even years for the full
benefits of SIEM to be realized. Indeed, only 32% of respondents believe their company is
achieving greater than 80% utilization of their SIEM installation.

Nearly the same percentage (29%) say they are currently operating at less than 40% of the
efficacy they expected to get from installing their SIEM.

SIEM Inhibitors

We asked respondents about the primary inhibitors to adopting or fully utilizing a SIEM
solution. Lack of Staff Expertise (44%) ranks as the biggest inhibitor, with Inadequate
Staffing (28%) second, followed by Solution Complexity (25%).

SIEM Vendors

Respondents were asked which vendors they're using for their SIEM solution. A third (33%)
report they are using Splunk, with IBM and HP tied for second (19%).

SIEM Vendors in Use


Which of the following vendor(s) is your organization currently
using for Security Information and Event Management (SIEM)?
Splunk 33%
IBM 19%
HP 19%
SolarWinds 17%
Symantec 17%
Intel (McAfee) 16%
Open Source 14%
EMC (RSA) 13%
LogRhythm 10%
AlienVault 6%
Micro Focus (NetIQ) 4%
Trustwave 3%
EIQ Networks 1%
Other 15%
SIEM Vendor Satisfaction

Overall satisfaction with SIEM products appears strong, with 43% of respondents saying
they're "very satisfied" and 50% "somewhat satisfied."

In terms of the top three vendors, Splunk (54%) received the highest "very satisfied" rating.
IBM (39%) came in second, followed by HP (29%).

Customer Satisfaction by Vendor

Overall, how satisfied are you with your vendor? Please use a
0-10 scale where 0 is 'Not at All Satisfied' and 10 is 'Extremely
Satisfied.'

          Very Satisfied (8-10)   Somewhat Satisfied (4-7)   Unsatisfied (0-3)
Splunk    54%                     44%                        1%
IBM       39%                     52%                        9%
HP        29%                     65%                        6%

Likelihood of Switching SIEM Vendors. A total of 12% of respondents report their
organization is very likely to switch vendors over the next year. Another 30% say they are
somewhat likely, while three in five (59%) say they are unlikely to switch.

Reason for Switching SIEM Vendors. Among SIEM users who have switched or plan to
switch vendors, Cost (18%) is cited as the primary reason, followed by Lack of Features/
Functionality (14%) and Product Usability (13%).
