sc magazine & forescout survey results

© 2015 ForeScout Technologies,

• How well are IT security managers’ needs being met?

– Collaboration between IT security systems

– Automation of security controls

– Continuous monitoring and mitigation

• Finding: Huge gulf between expectation and reality


FIREWALL SIEM ATD ENDPOINT EMMVA PATCH

IBM

IBM


Gartner, “Designing an Adaptive Security

Architecture for Protection From Advanced

Attacks”, Neil MacDonald and Peter

Firstbrook, 12 February 2014, refreshed

November 19, 2014

“The end result should not be 12

silos of disparate information

security solutions. The end goal

should be that these different

capabilities integrate and share

information to build a security

protection system that is more

adaptive and intelligent overall.”

Figure 1. The Four Stages of an Adaptive Protection Architecture

Source: Gartner (February 2014)


• 345 corporate executives and consultants with

information security responsibility

• North America

• Diverse industries: Technology, financial, government,

healthcare, education, manufacturing, utilities, retail


“How many security systems (such as, antivirus, mobile device management, vulnerability assessment, firewall,

intrusion prevention, web security, email security, encryption, SIEM, data loss prevention, etc.) do you own?”

Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.

Antivirus

Mobile device management

Vulnerability assessment

Firewall

Intrusion prevention

Web security

Email security

Encryption

SIEM

Data loss prevention

13Or more security

systems


“Disregarding your SIEM (if you have one), how many of your security and IT management systems directly share

security-related context or control information with one another?”


Antivirus



Firewall


Web security

Email security

Encryption

SIEM


1to

3directly share

security-related context


“How many of your existing security systems (such as, vulnerability assessment, network behavior analysis, etc.)

and risk analysis systems (such as SIEM solutions) can mitigate risk /threats or remediate problems?”


Antivirus



Firewall


Web security

Email security

Encryption

SIEM


1to

3can mitigate risks

or remediate problems


“How helpful would it be if your IT security and management systems were to share information about devices,

applications, users, and vulnerabilities on your network?”


Antivirus



Firewall


Web security

Email security

Encryption

SIEM


95%

“Helpful or

Very Helpful”


“How helpful would it be if the majority of your security systems and risk analysis systems were linked to

automated security controls, such as firewalls, network access control or patch management systems?”


Antivirus



Firewall


Web security

Email security

Encryption

SIEM


93%

“Helpful or

Very Helpful”


1. Current state– Many different IT security systems are being used

– Information sharing between systems is rare

– Automated mitigation is rare

2. Desired state– Strongly desire more information sharing

– Strongly desire more automated mitigation

Antivirus



Firewall


Web security

Email security

Encryption

SIEM


The

Gap

Is

Huge


“More integrated controls would help our IT organization

identify, investigate, respond and resolve security

incidents”

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

97%





incidents”

“Automated security controls would have allowed us to

avoid a compromise or reduce the impact of the

compromise that we experienced in the last year”

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

97%

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

57%





incidents”

“Automated security controls would have allowed us to

avoid a compromise or reduce the impact of the

compromise that we experienced in the last year”

“Automated security controls will help prevent future

compromise”

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

97%

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

57%

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

78%



“Are your security processes (e.g. assessment and patching) mainly done on a periodic basis (weekly, monthly,

etc.) or mainly done continuously?”

“Continuous”Antivirus



Firewall


Web security

Email security

Encryption

SIEM

43%



“Are your security processes (e.g. assessment and patching) mainly done on a periodic basis (weekly, monthly,

etc.) or mainly done continuously?”

“Continuous”

“Planning to shift toward continuous in the next 12 to 24

months”

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

43%

Antivirus



Firewall


Web security

Email security

Encryption

SIEM

64%

“Is your organization planning to shift your security processes toward more continuous monitoring and mitigation?”



IT Security Managers Reality

• Strongly want IT security

products to share information

• Very few IT security products

share information






products to automatically

mitigate threats


share information

• Very few products automatically

mitigate







mitigate threats

• Continuous monitoring and

mitigation


share information


mitigate

• Slightly less than half of

organizations practice

continuous monitoring







mitigate threats

• Continuous monitoring and

mitigation


share information


mitigate

• Slightly less than half of

organizations practice

continuous monitoring

GA

P