Documente Academic
Documente Profesional
Documente Cultură
20%
4% 4%
0%
Increase No Change Decrease
2015 451 Research, LLC.
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
Security spending growth is greater among large and midsized organizations than
smaller ones (<250 employees).
How would you describe your organizations spending plans for overall
information security over the next 90 days?
< 250 250-1000 > 1000
employees employees employees
Increase 34% 46% 48%
Decrease 6% 4% 4%
No Change 61% 50% 48%
In terms of industry verticals, the spending increase is most pronounced in the healthcare
and retail industries. That is not surprising, given recent well-publicized data breaches for
companies in these industries (e.g., BlueCross BlueShield, Anthem, CVS).
The survey took a closer look at how security spending is being affected by recent headlines
on data breaches, along with reports that government regulatory authorities will be targeting
breached companies that fail to close known vulnerabilities.
A total of 31% said this is causing an increase in their spending for security (6% Significant
Increase; 25% Slight).
How are recent headlines on data breaches, and news that government
regulatory authorities will go after companies who are breached and did
not close known vulnerabilities, affecting your security spend over the
next 90 days?
Significant Increase 6%
Slight Increase 25%
No Change 68%
Slight Decrease 1%
Significant Decrease 0%
More than half (57%) of organizations include information security as part of their overall IT
budget. But such an all-encompassing budget method calls into question the security
managers ability to accurately track their investment and conduct cost-benefit analyses.
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
2
Info Security Budget vs. Overall IT Budget
How would you broadly categorize your budgeting for
information security?
Other 2%
According to 451 Research security analyst Daniel Kennedy, Not being able to separate
information security as a discipline from overall information technology can create a conflict of
interest between the overall goals of IT versus those of security.
We note that the survey shows 39% of respondents saying their company has a dedicated
information security budget with 17% containing everything security related and 22%
containing resources directly attributed to security.
Looking ahead, Hackers/Crackers with Malicious Intent (22%) remains the top security threat
that respondents believe is inadequately covered by their organization and worries them
going forward. Preventing/Detecting Insider Espionage (18%) and Cyber-warfare (12%) are
additional key worries.
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
3
Top Security Threats Going Forward
Which information security threat do you think is inadequately
covered today by your organization that worries you most going
forward?
Hackers/Crackers with Malicious Intent 22%
Preventing/Detecting Insider Espionage 18%
Cyber-warfare 12%
Internal Audit Deficiencies Based on Findings 7%
Industry Specific Compliance 7%
Compliance Requirements 6%
Comply with Customer/Client Requirements 6%
Performance Degradation Due to Compliance 6%
Risk of Lawsuit Due to Poor Security Controls 4%
Government Regulatory/Legal Compliance 3%
Comply with Partner/Supplier Requirements 3%
Other 6%
User Behavior (14%) is the leading internal IT security pain point, followed by Organizational
Politics/Lack of Attention to Information Security (11%).
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
4
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) solutions act as a central repository for
security events, along with the gathering and analyzing of information from a wide array of
systems, and utilizing threat intelligence to identify potential security problems. SIEM also has
a reputation for complexity, with systems historically being difficult to set up and maintain.
The previous 451 Alliance security survey in June found Security Information and Event
Management (SIEM) was the leading technology in terms of planned deployments over the
next 12 months.
In the current survey, better than one in two respondents (56%) say their organization already
has a SIEM solution deployed. Looking ahead, another 21% plan to deploy a SIEM solution
over the next 12 months.
SIEM solutions are more commonly used in large organizations of more than 1,000
employees (66%). Only 36% of small organizations (<250 employees) are currently using a
SIEM solution.
SIEM originated in compliance and auditing, but the survey shows SIEM has transcended its
origins. An overwhelming 92% of SIEM users say they would still have a SIEM solution in
place even if no compliance requirement existed.
Respondents were asked about how their company manages and monitors SIEM systems,
and the results reinforce the perception that SIEM solutions are complex.
A total of 57% of SIEM users say their company assigns multiple security professionals to
their SIEM, while only 15% manage and monitor the SIEM with a single employee. Another
14% depend on a third party to manage SIEM.
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
5
Operations Management of SIEM
How are security operations and alerts for the security
information and event management (SIEM) handled at your
organization?
Multiple security professionals
57%
manage and monitor our SIEM
One security professional
15%
manages and monitors our SIEM
We depend on an external vendor/managed
14%
provider for our SIEM management
SIEM is primarily for forensics/incident
12%
response and is not actively monitored
Other 2%
The complexity of SIEM operations means it can take months or even years for the full
benefits of SIEM to be realized. Indeed, only 32% of respondents believe their company is
achieving greater than 80% utilization of their SIEM installation.
Nearly the same percentage (29%) say they are currently operating at less than 40% of the
efficacy they expected to get from installing their SIEM.
SIEM Inhibitors
We asked respondents about the primary inhibitors to adopting or fully utilizing a SIEM
solution. Lack of Staff Expertise (44%) ranks as the biggest inhibitor, with Inadequate
Staffing (28%) second, followed by Solution Complexity (25%).
SIEM Vendors
Respondents were asked which vendors theyre using for their SIEM solution. A third (33%)
report they are using Splunk, with IBM and HP tied for second (19%).
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
6
SIEM Vendor Satisfaction
Overall satisfaction with SIEM products appears strong, with 43% of respondents saying
theyre very satisfied and 50% somewhat satisfied.
In terms of the top three vendors, Splunk (54%) received the highest very satisfied rating.
IBM (39%) came in second, followed by HP (29%).
HP 29% 65% 6%
Reason for Switching SIEM Vendors. Among SIEM users who have switched or plan to
switch vendors, Cost (18%) is cited as the primary reason, followed by Lack of Features/
Functionality (14%) and Product Usability (13%).
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
7