The Top Challenges in Network
Security for 2019
A survey of security professionals identifies network security
opportunities, risks and benchmarks
CC BY-SA 4.0 by Bricata
Executive Summary
• Network security is growing more difficult.
64% of respondents say network security is harder this year as
compared to last and for a range of reasons. This includes the
sophistication of threats, but also the proliferation of IT
infrastructure and the complexity of environments given the
changes stemming from cloud, IoT and BYOD, among others.
• Insider threats and IT infrastructure complexity are the
top challenges.
While insider threats (44%) and IT infrastructure (42%) topped the
list of network security challenges, no single topic drew a simple
majority. Lack of leadership support, security technology
interoperability, shadow IT, BYOD and the deluge of security alerts
were among the top 10.
• Too many tools that don’t talk to each other.
Most organizations used between 1-10 tools for the purpose of
network security. About one-third of respondents said these tools
were not integrated, while another 28% said these tools were just
somewhat integrated. No respondents indicated tools in their
environment were completely integrated.
• Network security faces a deluge of alerts and can’t
investigate them all.
About a quarter (26%) of respondents say their organization
receives 1,000 or more security alerts per day. More importantly,
the vast majority (84%) say these require 5 or more minutes each
to triage. “A decent number of false-positives waste quite a bit of
time,” wrote one respondent. “On the other hand, some alerts are
critical, but we are missing vital information, which we then spend
ages trying to locate.” Some admit they just can’t review all
alerts.
• Threat hunting poised for growth.
While just about one-third (32%) say they are doing threat hunting
today – a majority (61%) of respondents believe that threat hunting
will be either more important or much more important in the next
12 months.
• Key network security areas to focus on in the next year.
Security analytics, security integration and behavioral analysis
were the top three areas of security respondents said organizations
should focus on over the next year. Interestingly, collaboration
outranked machine learning and AI as a recommended area of focus.
• Security has a stronger relationship with the business
than it does with DevOps.
Some 34% of respondents said the relationship between security
and DevOps is strong, while 27% said it isn’t. By contrast, 51% of
respondents said the relationship between security and the
business is strong, while 22% said it isn’t.
64% say securing the network is harder or
much harder this year than last.
Network security is growing more difficult
Most respondents (64%) say network security is harder this year as compared to last, while about one-third (32%)
say it’s neither harder nor easier. When asked why in an open-ended question, respondents wrote in attributing
challenges to several causes:
• “Increasing array of threats and threat vectors, as
more and more computer systems proliferate
throughout offices.”
• “Playing catch up because security wasn't a
priority with this company until recently.”
• “Increase in threats from third-party networks
and IoT devices.”
• “Doesn't feel like training and education is
keeping pace for defenders with what attackers
are capable of doing.”
• “Hackers are using more complex and
comprehensive tools and internal users seemingly
are less aware of what they do to reduce
protection.”
• “More things keep getting added to the network,
with more vulnerabilities.”
• “Acquisitions have made it more challenging.
Supporting both AWS and Azure are also testing
our support limits as development rushes into this
space headlong.”
• “My responsibilities moved from a traditional
hardware stack to AWS. Networking in AWS is a
whole new ballgame to learn.”
• “More deep hackings into previously thought solid
safe spaces.”
• “Ransomware variants are growing and threats are
evolving.”
Network security faces a broad array of challenges
The weakest point in network security may well rest between the keyboard and chair. Some 44% of respondents
named insider threats as the single biggest threat in network security. In our assessment “insider threats” are
not necessarily malicious and likely include accidental incidents set off by well-intended users inside the
network.
The top 10 challenges included:
1) Insider threats – 44%
2) IT infrastructure complexity – 42%
3) Absence of leader support – 40%
4) Lack of tool interoperability – 37%
5) Shadow IT – 31%
6) Weak controls for provided access – 29%
7) Cloud visibility – 28%
8) BYOD – 26%
9) Too many alerts – 22%
10) Too many tools – 18%
Those who selected “other” for this question wrote in to say understaffing, limited budgets and time
constraints were key challenges in their organization. It’s important to note that no single challenge drew a
majority of responses. This underscores the diversity of problems facing network security, which vary by
industry, IT environment and perhaps organizational culture. This reinforces the notion that there isn’t a single
solution that will solve every security problem.
73% have between 1 and 10 tools for
network security
22% use between 11 and 20 tools for
network security
Most organizations use 1-10 tools for network security
The majority of respondents (73%) said their organization uses between 1 and 10 tools for network security.
About one-fifth (22%) said they use between 11-20 tools.
While this particular question is exclusively focused on network security, the responses seem to nest well with
other surveys we’ve observed. For example, a 2017 survey found roughly 70% of enterprises use between 10-50
tools across all sectors of cybersecurity including the network.
Respondents noted tools alone aren’t the answer. Security technologies must be well planned, implemented
properly, and adequately resourced with thoroughly trained security professionals. We will see this more clearly in
the next question.
Security tools do not play well with each other
This question brings granularity to the lack of interoperability among security tools. About one-third of
respondents (32%) said tools in their organization simply do not share data. Another 28% said these tools were
just somewhat integrated.
When asked why in an open-ended question, respondents said the following:
• “Tools are purchased without ever sending employees to training or bringing hands-on experience from
the vendor to assist in integration. We just buy things and cross our fingers that it was a good
investment. New leadership, new year, it is getting better.”
• “Different vendor tools that don't communicate to one another.”
• “Lack of standards for interoperability.”
• “Varies by the 'brilliance' of the product.”
• “They don't talk to each other. They do talk to the SIEM but that is not enough.”
• “I inherited a hodge-podge of non-implemented or half-implemented projects.”
• “Different solutions have a greater probability of catching issues that the other may not.”
We believe the problem has reached a critical mass and as a result, security integration will be added to the list
of requirements in the security acquisition process. Enterprises will start demanding that new cybersecurity
tools adhere to open standards, open APIs and readily allow the security operations center (SOC) to share data
as they deem fit.
26% say their organization receives 1,000 or more
security alerts per day.
84% say their organization requires 5 or more minutes to
triage a security alert.
82% say their organization spends too much
time triaging alerts at least some of the time.
Security cannot investigate every alert
Most organizations get a deluge of alerts. A little more than one-third (35%) of respondents say their
organization gets 100 or fewer alerts per day. About one-quarter (26%) of respondents put that number at more
than 1,000 with 10% of those seeing more than 10,000 alerts. All remaining respondents fell somewhere
between 100 and 1,000 daily alerts.
These alerts require time to investigate. The vast majority (84%) say it takes five or more minutes to effectively
triage an alert. This means an organization with 1,000 alerts – which is a modest example in this survey – would
have to triage 12 alerts per hour, for nearly 3.5 days without pausing to get through all of these.
The problem is compounded by the fact more alerts pour in all the time and some just require more time to vet
properly. For example, 58% of respondents said alerts take double that time – 11 or more minutes to triage. The
vast majority (82%) say their organization spends too much time investigating alerts at least some of the time.
Much of this is caused by a low signal-to-noise ratio. Many alerts are false positives, which overwhelm the
resources security teams have at hand.
“A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand,
some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.”
Some respondents candidly admitted they simply don’t investigate every alert, which risks a sophisticated
threat slipping by in plain sight. It’s clear a better means of prioritizing and triaging alerts is needed.
61% think threat hunting will be more
important over the next year.
Threat hunting poised for growth
Threat hunting grew out of the notion that sophisticated threat actors understand how traditional detection
technologies work – and evade detection. Even newer tools that tap artificial intelligence and machine learning
aren’t perfect, because these technologies focus on finding variations of known threats. If the threat is new or
the technique is novel there isn’t a variation to be detected.
As a result, threat hunting is becoming one of the hottest trends in cybersecurity today. While just about one-
third (32%) say they are doing threat hunting today – that doubles when asked about the future. A majority
(61%) of respondents believe that threat hunting will be either more important or much more important in the
next year or so. The findings are generally in line with another study focused on threat hunting conducted
earlier this year.
Areas where security should focus
Where should security organizations focus their future efforts? On a weighted average based on a five-point scale
(which takes into account those that think the concept is less or much less important) the answers stack up like
this:
1) Security analytics (4.20)
2) Security integration (4.12)
3) Behavioral analysis (4.07)
4) Collaboration (4.00)
5) Machine learning / AI (3.97)
6) Threat hunting (3.88)
7) Signature detection (3.33)
Some observations include:
• Security integration is liable to become a must-have requirement in procurement;
• Behavioral analysis is rising because it’s harder to hide abnormal behavior on the network;
• It’s interesting to see that collaboration tops machine learning and AI – human collaboration still
matters; and
• Signature detection will find 80% of the known malware, but a layered security posture with interwoven
advanced capabilities is necessary for identifying sophisticated threats.
34% say the relationship cybersecurity has
with DevOps is strong
27% say the relationship cybersecurity has
with DevOps is NOT strong
51% say the relationship cybersecurity has
with the business is strong
22% say the relationship cybersecurity has
with the business is NOT strong
Stronger relationship with the business than DevOps
Security seems to have a stronger relationship with the business than with DevOps. Some 34% of respondents
said the relationship between cybersecurity and DevOps is strong, while 27% said it isn’t. By contrast, 51% of
respondents said the relationship between cybersecurity and the business is strong, while 22% said it isn’t.
On some level this makes sense: cybersecurity serves the business while it often finds itself at odds with the
change management processes DevOps champions. This is because a newly revealed exploit will exist in a
production environment and the risks associated with changing the production environment are precisely why
the process is intentionally slow and methodical.
Still, it’s surprising because conventional wisdom says both sides have similar goals and speak the same
language. If anything, the pace and innovation of threats in the modern cybersecurity landscape have thrust this
relationship into focus.
Security professionals in their own words
This survey asked one final open-ended question – What is one thing you wish the business would understand
about cybersecurity? – and it received 46 responses. A representative sample follows:
• “What you get in results, will rarely be outdone by what you give; but what you get, can and almost
always does, outweigh what you give.”
• “Security culture is extremely important since people are the weakest link in the security chain.”
• “It is a continuous process that must encompass every operating, development and planning activity
within an institution.”
• “That DevOps needs to communicate more clearly and ask security for help, DevOps should not be
making security decisions.”
• “It's easier with a lower TCO if done correctly up front than it is to try to fix problems after something
has been deployed.”
• “How much damage one human being can accidentally do through negligence.”
• “Cybersecurity is a strategic investment.”
• “It is everyone's business and responsibility.”
• “It takes money to protect the enterprise, and the IT department requires an adequate budget to
implement.”
• “[Security] is complex and does not scale easily; it requires budget and FTEs.”
• “An understanding of the resources required in order to achieve a rapid response could be improved.”
A word cloud of all responses follows on the next page.
Survey demographics and methodology
52% of respondents have 10 or more
years of experience
Included retail, consulting, HR and tourism
Survey methodology
This survey was conducted online from November 1, 2018, until November 30, 2018. Survey respondents were
solicited by email distributed through two third-party organizations with well-established cybersecurity
subscribers.
Sixty-eight mostly senior respondents with more than 10 years of experience completed the survey.
Respondents hailed from a wide distribution of industries. Respondents were most widely represented by
technology (29%) and financial (22%) vertical markets, though many also stem from government, education,
healthcare and non-profit.
Respondents were incentivized with a chance to win one of three $50 gift cards.
Recommended resources
• Here’s What Network Threat Hunting Means, Why It Matters, and How to Get Started [blog]
• 7 Simple but Effective Threat Hunting Tips from a Veteran Threat Hunter [blog]
• Layers of Cybersecurity: Signature Detection vs. Network Behavioral Analysis [blog]
• 7 Security Trends Shaping Intrusion Detection Technology [blog]
• Snort, Suricata and Bro: 3 Open Source Technologies for Securing Modern Networks [blog]
• Introduction to Network Threat Hunting [webinar]
• Threat Hunting: Finding Hidden & Undetected Network Threats [webinar]
Connect with Bricata on Twitter, LinkedIn or Facebook.
About Bricata, Inc.
Bricata is the leader in comprehensive network protection. The Bricata flagship solution
provides unparalleled network visibility, full-spectrum threat detection, true threat
hunting, and threat resolution capabilities in an intuitive, tightly-integrated and self-
managing system. Its automated detection, productive GUIs, and expert system workflows
make it easy-to-use for novices; while granular control of its engines, access to rich
network metadata and PCAPs, and true threat hunting capabilities give experts the power
and control they demand. Bricata has been proven to speed incident resolution by eight
times by reliably detecting threats and providing the context necessary to get to the truth
quickly and act. For more information visit www.bricata.com.

Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Kürzlich hochgeladen (20)

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

The top challenges to expect in network security in 2019 survey report

  • 1. The Top Challenges in Network Security for 2019: A survey of security professionals identifies network security opportunities, risks and benchmarks. CC BY-SA 4.0 by Bricata
  • 2. Executive Summary
      • Network security is growing more difficult. 64% of respondents say network security is harder this year than last, for a range of reasons. These include the sophistication of threats, but also the proliferation of IT infrastructure and the complexity of environments, given the changes stemming from cloud, IoT and BYOD, among others.
      • Insider threats and IT infrastructure complexity are the top challenges. While insider threats (44%) and IT infrastructure complexity (42%) topped the list of network security challenges, no single topic drew a simple majority. Lack of leadership support, security technology interoperability, shadow IT, BYOD and the deluge of security alerts were among the top 10.
      • Too many tools that don’t talk to each other. Most organizations used between 1 and 10 tools for the purpose of network security. About one-third of respondents said these tools were not integrated, while another 28% said these tools were just somewhat integrated. No respondents indicated tools in their environment were completely integrated.
      • Network security faces a deluge of alerts and can’t investigate them all. About a quarter (26%) of respondents say their organization receives 1,000 or more security alerts per day. More importantly, the vast majority (84%) say these require 5 or more minutes each to triage. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.” Some admit they just can’t review all alerts.
      • Threat hunting poised for growth. While just about one-third (32%) say they are doing threat hunting today, a majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next 12 months.
      • Key network security areas to focus on in the next year. Security analytics, security integration and behavioral analysis were the top three areas of security respondents said organizations should focus on over the next year. Interestingly, collaboration outranked machine learning and AI as a recommended area of focus.
      • Security has a stronger relationship with the business than it does with DevOps. Some 34% of respondents said the relationship between security and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between security and the business is strong, while 22% said it isn’t.
  • 3. 64% say securing the network is harder or much harder this year than last.
  • 4. Network security is growing more difficult
    Most respondents (64%) say network security is harder this year as compared to last, while about one-third (32%) say it’s neither harder nor easier. When asked why in an open-ended question, respondents attributed the challenges to several causes:
      • “Increasing array of threats and threat vectors, as more and more computer systems proliferate throughout offices.”
      • “Playing catch up because security wasn't a priority with this company until recently.”
      • “Increase in threats from third-party networks and IoT devices.”
      • “Doesn't feel like training and education is keeping pace for defenders with what attackers are capable of doing.”
      • “Hackers are using more complex and comprehensive tools and internal users seemingly are less aware of what they do to reduce protection.”
      • “More things keep getting added to the network, with more vulnerabilities.”
      • “Acquisitions have made it more challenging. Supporting both AWS and Azure are also testing our support limits as development rushes into this space headlong.”
      • “My responsibilities moved from a traditional hardware stack to AWS. Networking in AWS is a whole new ballgame to learn.”
      • “More deep hackings into previously thought solid safe spaces.”
      • “Ransomware variants are growing and threats are evolving.”
  • 6. Network security faces a broad array of challenges
    The weakest point in network security may well rest between the keyboard and chair. Some 44% of respondents named insider threats as the single biggest threat in network security. In our assessment, “insider threats” are not necessarily malicious and likely include accidental incidents set off by well-intended users inside the network. The top 10 challenges included:
      1) Insider threats – 44%
      2) IT infrastructure complexity – 42%
      3) Absence of leader support – 40%
      4) Lack of tool interoperability – 37%
      5) Shadow IT – 31%
      6) Weak controls for provided access – 29%
      7) Cloud visibility – 28%
      8) BYOD – 26%
      9) Too many alerts – 22%
      10) Too many tools – 18%
    Those who selected “other” for this question wrote in to say understaffing, limited budgets and time constraints were key challenges in their organization. It’s important to note that no single challenge drew a majority of responses. This underscores the diversity of problems facing network security, which vary by industry, IT environment and perhaps organizational culture. This reinforces the notion that there isn’t a single solution that will solve every security problem.
  • 7. 73% have between 1 and 10 tools for network security; 22% use between 11 and 20 tools for network security.
  • 8. Most organizations use 1-10 tools for network security
    The majority of respondents (73%) said their organization uses between 1 and 10 tools for network security. About one-fifth (22%) said they use between 11 and 20 tools. While this particular question is exclusively focused on network security, the responses seem to nest well with other surveys we’ve observed. For example, a 2017 survey found roughly 70% of enterprises use between 10 and 50 tools across all sectors of cybersecurity, including the network. Respondents noted tools alone aren’t the answer. Security technologies must be well planned, implemented properly and adequately resourced with thoroughly trained security professionals. We will see this more clearly in the next question.
  • 10. Security tools do not play well with each other
    This question brings granularity to the lack of interoperability among security tools. About one-third of respondents (32%) said tools in their organization simply do not share data. Another 28% said these tools were just somewhat integrated. When asked why in an open-ended question, respondents said the following:
      • “Tools are purchased without ever sending employees to training or bringing hands-on experience from the vendor to assist in integration. We just buy things and cross our fingers that it was a good investment. New leadership, new year, it is getting better.”
      • “Different vendor tools that don't communicate to one another.”
      • “Lack of standards for interoperability.”
      • “Varies by the 'brilliance' of the product.”
      • “They don't talk to each other. They do talk to the SIEM but that is not enough.”
      • “I inherited a hodge-podge of non-implemented or half-implemented projects.”
      • “Different solutions have a greater probability of catching issues that the other may not.”
    We believe the problem has reached a critical mass and, as a result, security integration will be added to the list of requirements in the security acquisition process. Enterprises will start demanding that new cybersecurity tools adhere to open standards and open APIs, and readily allow the security operations center (SOC) to share data as they deem fit.
  • 11. 26% say their organization receives 1,000 or more security alerts per day.
  • 12. 84% say their organization requires 5 or more minutes to triage a security alert.
  • 13. 82% say their organization spends too much time triaging alerts at least some of the time.
  • 14. Security cannot investigate every alert
    Most organizations get a deluge of alerts. A little more than one-third (35%) of respondents say their organization gets 100 or fewer alerts per day. About one-quarter (26%) of respondents put that number at more than 1,000, with 10% of those seeing more than 10,000 alerts. All remaining respondents fell somewhere between 100 and 1,000 daily alerts.
    These alerts require time to investigate. The vast majority (84%) say it takes five or more minutes to effectively triage an alert. This means an organization with 1,000 alerts, which is a modest example in this survey, would have to triage 12 alerts per hour for nearly 3.5 days without pausing to get through all of them. The problem is compounded by the fact that more alerts pour in all the time and some just require more time to vet properly. For example, 58% of respondents said alerts take double that time: 11 or more minutes to triage.
    The vast majority (82%) say their organization spends too much time investigating alerts at least some of the time. Much of this is caused by a low signal-to-noise ratio: many alerts are false positives, which overwhelm the resources security teams have at hand. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.” Some respondents candidly admitted they simply don’t investigate every alert, which risks a sophisticated threat slipping by in plain sight. It’s clear a better means of prioritizing and triaging alerts is needed.
  • 16. 61% think threat hunting will be more important over the next year.
  • 17. Threat hunting poised for growth
    Threat hunting grew out of the notion that sophisticated threat actors understand how traditional detection technologies work and evade detection. Even newer tools that tap artificial intelligence and machine learning aren’t perfect, because these technologies focus on finding variations of known threats. If the threat is new or the technique is novel, there isn’t a variation to be detected. As a result, threat hunting is becoming one of the hottest trends in cybersecurity today. While just about one-third (32%) say they are doing threat hunting today, that doubles when asked about the future. A majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next year or so. The findings are generally in line with another study focused on threat hunting conducted earlier this year.
  • 19. Areas where security should focus
    Where should security organizations focus their future efforts? On a weighted average based on a five-point scale (which takes into account those who think the concept is less or much less important), the answers stack up like this:
      1) Security analytics (4.20)
      2) Security integration (4.12)
      3) Behavioral analysis (4.07)
      4) Collaboration (4.00)
      5) Machine learning / AI (3.97)
      6) Threat hunting (3.88)
      7) Signature detection (3.33)
    Some observations include:
      • Security integration is liable to become a must-have requirement in procurement;
      • Behavioral analysis is rising because it’s harder to hide abnormal behavior on the network;
      • It’s interesting to see that collaboration tops machine learning and AI – human collaboration still matters; and
      • Signature detection will find 80% of the known malware, but a layered security posture with interwoven advanced capabilities is necessary for identifying sophisticated threats.
  • 20. 34% say the relationship cybersecurity has with DevOps is strong; 27% say the relationship cybersecurity has with DevOps is NOT strong.
  • 21. 51% say the relationship cybersecurity has with the business is strong; 22% say the relationship cybersecurity has with the business is NOT strong.
  • 22. Stronger relationship with the business than DevOps
    Security seems to have a stronger relationship with the business than with DevOps. Some 34% of respondents said the relationship between cybersecurity and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between cybersecurity and the business is strong, while 22% said it isn’t.
    On some level this makes sense: cybersecurity serves the business while it often finds itself at odds with the change management processes DevOps champions. This is because a newly revealed exploit will exist in a production environment, and the risks associated with changing the production environment are precisely why the process is intentionally slow and methodical. Still, it’s surprising because conventional wisdom says both sides have similar goals and speak the same language. The pace and innovation of threats in the modern cybersecurity landscape have thrust this relationship into focus.
  • 23. Security professionals in their own words
    This survey asked one final open-ended question – What is one thing you wish the business would understand about cybersecurity? – and it received 46 responses. A representative sample follows:
      • “What you get in results, will rarely be outdone by what you give; but what you get, can and almost always does, outweigh what you give.”
      • “Security culture is extremely important since people are the weakest link in the security chain.”
      • “It is a continuous process that must encompass every operating, development and planning activity within an institution.”
      • “That DevOps needs to communicate more clearly and ask security for help, DevOps should not be making security decisions.”
      • “It's easier with a lower TCO if done correctly up front than it is to try to fix problems after something has been deployed.”
      • “How much damage one human being can accidentally do through negligence.”
      • “Cybersecurity is a strategic investment.”
      • “It is everyone's business and responsibility.”
      • “It takes money to protect the enterprise, and the IT department requires an adequate budget to implement.”
      • “[Security] is complex and does not scale easily; it requires budget and FTEs.”
      • “An understanding of the resources required in order to achieve a rapid response could be improved.”
    A word cloud of all responses follows on the next page.
  • 25. Survey demographics and methodology
  • 26. 52% of respondents have 10 or more years of experience
  • 27. Included retail, consulting, HR and tourism
  • 29. Survey methodology
    This survey was conducted online from November 1, 2018, until November 30, 2018. Survey respondents were solicited by email distributed through two third-party organizations with well-established cybersecurity subscribers. Sixty-eight mostly senior respondents with more than 10 years of experience completed the survey. Respondents hailed from a wide distribution of industries. Respondents were most widely represented by technology (29%) and financial (22%) vertical markets, though many also stem from government, education, healthcare and non-profit. Respondents were incentivized with a chance to win one of three $50 gift cards.
  • 30. Recommended resources
      • Here’s What Network Threat Hunting Means, Why It Matters, and How to Get Started [blog]
      • 7 Simple but Effective Threat Hunting Tips from a Veteran Threat Hunter [blog]
      • Layers of Cybersecurity: Signature Detection vs. Network Behavioral Analysis [blog]
      • 7 Security Trends Shaping Intrusion Detection Technology [blog]
      • Snort, Suricata and Bro: 3 Open Source Technologies for Securing Modern Networks [blog]
      • Introduction to Network Threat Hunting [webinar]
      • Threat Hunting: Finding Hidden & Undetected Network Threats [webinar]
    Connect with Bricata on Twitter, LinkedIn or Facebook.
  • 31. About Bricata, Inc.
    Bricata is the leader in comprehensive network protection. The Bricata flagship solution provides unparalleled network visibility, full-spectrum threat detection, true threat hunting, and threat resolution capabilities in an intuitive, tightly-integrated and self-managing system. Its automated detection, productive GUIs, and expert system workflows make it easy to use for novices, while granular control of its engines, access to rich network metadata and PCAPs, and true threat hunting capabilities give experts the power and control they demand. Bricata has been proven to speed incident resolution by eight times by reliably detecting threats and providing the context necessary to get to the truth quickly and act. For more information visit www.bricata.com.