2. About The Cyberthreat Defense Report
â 27-question online survey conducted in
Nov 2016
âȘ IT security decision maker or practitioner
âȘ Employed by organization with at least 500
employees
â Survey designed to assess:
âȘ Organizationâs security posture
âȘ Perceptions of cyberthreats and security
defenses
âȘ Current and future IT security investments
âȘ IT security practices and strategies
2
4. Steadily Rising Cyberattacks
4
79% were affected by a successful
cyberattack in 2016âŠ
Percentage compromised at least onceFrequency of successful attacks
5. Cyberthreat Migraines
5
Malware and spear-phishing are always top of
mind. Overall concern is rising!
Overall concern
for cyberthreats
is rising!
7. Responding to Ransomware
Percentage affected by ransomware in 2016
61% of organizations affected by ransomware
globally. Thankfully, most (54%) recovered their
data without paying the ransom.
8. Room for Improving Office 365 Security
8
Only 1 in 3 is truly confident with Microsoftâs
available Office 365 protections, opening the
door to third-party solutions.
9. Biggest Obstacles to âBeing Secureâ
âLow security
awareness among
employeesâ is the
biggest obstacle
for the fourth
consecutive year.
When will the
industry take
notice?
10. App and Data Security Deployment Plans
10
App security testing, app vulnerability
scanning, and deception technology
are most sought after in 2017.
12. CASB Deployment Use Cases
12
Preventing unwanted data disclosures
remains the number one use case for
deploying CASB technology.
13. Overcoming the IT Security Skills Shortage
13
Nine out of 10 organizations are affected by
the skills shortage. Most (51%) are
leveraging external vendors and contractors.
Percentage
affected by the IT
security skills
shortage, by
industry
14. Key Take-Aways
â Successful cyber attacks are rising!
âȘ 79% affected in 2017 vs. 62% in 2014
â Malware is the biggest headache for IT security teams
âȘ Followed by phishing and insider threats
â Ransomware is a significant issue
âȘ 61% of organizations affected
âȘ One-third paid the ransom
âȘ More than 13% lost their data
â CASBs are among the top investments planned for 2017
âȘ Address a growing area of concern
âȘ Rich feature set provides a lot of coverage/capabilities
14
17. enterprise
(CASB)
end-user devices
visibility & analytics
data protection
identity & access control
application
storage
servers
network
how does the solution differ from security built into
cloud apps?
app vendor
18. does the solution protect cloud data end-to-end?
â Cloud data doesnât exist only âin the cloudâ
â A complete solution must provide visibility
and control over data in the cloud
â Solution must also protect data on end-
user devices
â Leverage contextual access controls
19. can the solution control access from both managed &
unmanaged devices?
reverse proxy
â unmanaged devices - any device, anywhere
â no software to install/configure
forward proxy
â managed devices - inline control for installed apps
â agent and certificate based approaches
activesync proxy
â secure email, calendar, etc on any mobile device
â no software to install/configure
20. does the solution provide real-time visibility and
control?
â Apply granular DLP to data-at-rest and upon access
â Context-awareness should distinguish between users,
managed and unmanaged devices, and more
â Flexible policy actions (DRM, quarantine, remove
share, etc) required to mitigate overall risk
21. does the solution protect against unauthorized access?
â Cloud app identity management should
maintain the best practices of on-prem
identity
â Cross-app visibility into suspicious access
activity with actions like step-up multifactor
authentication
22. secure
office 365
+ byod
client:
â 35,000 employees globally
challenge:
â Inadequate native O365 security
â Controlled access from any device
â Limit external sharing
â Interoperable with existing infrastructure,
e.g. Bluecoat, ADFS
solution:
â Real-time data visibility and control
â DLP policy enforcement at upload or
download
â Quarantine externally-shared sensitive
files in cloud
â Controlled unmanaged device access
â Shadow IT & Breach discovery
fortune 50
healthcare
firm
23. â 15,000 employees in 190+ locations
globally
challenge:
â Mitigate risks of Google Apps adoption
â Prevent sensitive data from being stored
in the cloud
â Limit data access based on device risk
level
â Govern external sharing
solution:
â Inline data protection for unmanaged
devices/BYOD
â Bidirectional DLP
â Real-time sharing control
secure
google
apps +
byod
business
data giant
25. resources:
more info about cloud security
â whitepaper: the definitive guide to CASBs
â report: cyberthreat defense
â case study: fortune 100 healthcare firm secure
O365