Trends In The Israeli Information Security Market 2008

Trends in the Israeli
Information Security Market
2008
Shahar Geiger Maor
Analyst, STKI
shahar@stki.info

Information Security Threatscape

Your Text here Your Text here

2

Global Security Mega Trends -Threat Horizon

Outside threats: Hackers and organized crime have
joined hands
Inside threats: The human factor is the key
Application Attacks become more prevalent
There Yourno here
is Text single logical place to put a “perimeter”
Your Text here

around the organization:
 Hackers focus on new and emerging technologies

All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info 3

General Trends for 2008
Virtual Machine Security Implications:
• Virtualization made big headlines in 2007 with major
players going public
• The industry hasn’t fully explored the security implications
of virtual technology
Mobile Platforms:
• Interest in mobile security has never been higher
• Phones become more complex, more interesting and more
connected
• Attackers may take advantage


General Trends for 2008 – The Human
Factor
 CISOs tend to trust products and technologies
 One persons mistake can expose a well-protected
organization
 Attackers know how to exploit the weaknesses of
human nature:
• Greed here
Your Text Your Text here
• “Flockquot; mentality
• Trust assertive figures
• The need to please
 Human weaknesses have no airtight solution
(Training?)


The Relative Seriousness of IT
Security Threats



STKI Survey 2008:
100%
90%
80%
70%
60%
50%
Israel
40%
30% World
20%
10%
0%
Careless/risky behavior Lost or stolen laptops and At least 90% of
by employees is the computer media are the most employees follow
most serious internal serious technical threat security policies
security threat
Source: STKI, CIO Insight 2008

STKI survey results



Am I Vulnerable?
 There is no such thing as quot;securequot;
 Despite the advanced systems, it's hard to know for
sure
 High demand for penetration testing, risk
assessments
 Many organizations are realizing the importance of a
neutral party
 Market is dominated by small and medium consulting
companies


The Cost of Security
Dollar Amount Losses by Type of Attack (Top 5,
Thousands $)

Financial Fraud
21,124,750$

)Virus (Worms/Spyware 8,391,800$

System Penetration by Outsiders 6,875,000$

Theft of Confidential Data (Not Including
5,685,000$
)Mobile Devices

Laptop or Mobile Theft 3,881,150$

(Source: CSI Survey 2007)
10
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info

World Security Technologies Used

(By Percent of Respondents)
)Four Most Common(
Antivirus Software 98%
Firewall 97%

Your Text here VPN 84%
Your Text here
Anti-Spyware Software 80%
)Four Less Common(
Public Key Infrastucture 32%
Specialized Wireless Security Systems 28%
EPS/NAC 27%
Biometrics 18%
(Source: CSI Survey 2007)

What Interest Our Clients? 2007-2008

Firewall/
Miscellaneous Application
Firewall Endpoint Security
20% 11%
12%
Your Text here Mail/ Mobile
Your Text here
Market Trends Device Encryption
18% 8%
NAC
7%
IDM
6%

URL Filtering Antivirus SIEM/SOC
6% 6% 6%


STKI survey results


All Rights Reserved @STKI Moshav Bnei Zion,
Israel +972 9 74 444 74 www.stki.info
13

Endpoint Security


14

Endpoint Security
 The Endpoint is a major threat
 Risk Factors:
• Spyware
• Viruses
• Website with malicious code
• External here
Your Text
devices carrying information Your Text here
 Even when you have protection systems, they can’t
be trusted:
•Users Circumvent the systems for comfort
•Communication problems prevent updates
•New stations or guests with no protection
•Infiltration of unprotected systems
 The Solution: NAC…

Endpoint Security – Continue
 Device Management is in the spotlight
 Major players enter the market – McAfee, Checkpoint,
Symantec
 Leading Solutions in Israel:
• Checkpoint -Pointsec Protector
• ControlGuard -Endpoint Access ManagerYour Text here
Your Text here

• McAfee -Host Intrusion Prevention
• SafeEnd -Protector
• Symantec -Endpoint Protection
 Most of our clients use a product, or in advanced
integration stages
 Device Management will become default soon
16
All Rights Reserved @STKI Moshav Bnei Zion, Israel +972 9 74 444 74 www.stki.info

Network AccessAdmission Control


17

Trends -Network Admission/
Access Control (NAC)
 NAC was invented by Cisco, but never standardized
 Standardization is expected in the coming years
 Even the acronym of NAC isn't clear
 Products exist, but experts can't agree on their
effectiveness

 There are problems with non-PC hardware
 Many of our customers are interested
 Majority of customers: researching or doing POC


World NAC Players


19
Source: Gartner

World NAC Players


20

Israeli NAC Players
Leading Solutions:
• Access Layers
• Cisco
• Enterasys
• ForeScout
• Insightix Text here
Your Your Text here

• McAfee
• Microsoft
• Nortel
• Symantec
• XOR

21

STKI Insights
NAC can be deployed less expensively when it is an
embedded feature
Many of the infrastructure-based solutions won’t not
work with older LAN switch product families - Some
organizations will wait for newer versions Text here
Your Text here Your
Some network and security vendors already have
solutions that can be part of the NAC process (AC, IPS) –
An important starting point for market domination
 First priority: implement a guest networking control
NAC is a Layer 2 vs. Layer 3 match

22

Data Leak/Loss Prevention


23

Data Leak /Loss Prevention (DLP)

 DLP is an overall framework into which different elements fit
 There are three types of data that may leak:
• Data at rest
• Data in transit
• Data on endpoints
 No single DLP focus area is foolproof, so enforcinghere three
Your Text here Your Text
all
makes problems less likely
 DLP is a growing area, and vendors react accordingly
 It is suggested to use full-suite vendors in order
to avoid integration problems


Data Leak /Loss Prevention –World Trends


Source: Aberdeen Report 2008


Data Leak /Loss Prevention –EMEA Trends


Source: Aberdeen Report 2008


DLP –Market Status & Players
World Leaders:
• Symantec (Acquired Vontu, 2007, 350$ M)
• Websense (Acquired PortAuthority 2007, 90$ M)
• Reconnex (Acquired by McAfee, July 2008, 46$ M)
• Tablus Text here
Your (Acquired by RSA, 2007, 40$ M) Your Text here
• Vericept ?
Main drivers for DLP are:
• Regulations such as Payment Card Industry (PCI),
Accountability Act (HIPAA)
• e-mail security, instant messaging (IM) and
endpoint monitoring solutions

Mobile Devices Security


28

Mobile Devices Security
 Mobile devices like Smartphones and PDAs are becoming
common
 Price drops make the phones attractive
 Now, some users sync, but it will expand, mostly at the
workplace
 Rich apps are on the horizon
 Portable devices are prone to theft, loss and tapping (BT)
 There are inadequate solutions according to Israeli users
 We expect major developments and maturity
 Major players enter the market


Inadequate Mobile Security?


Source: SafeNet Annual Survey 2008 30

STKI Survey 2008:
40%
35%
30%
25%
20%
Israel
15% Your Text here Your Text here
World
10%
5%
0%
Adequate solution Inadequate Plan to install Don't know /No
in place solution in place /Currently plan to install
installing
Source: STKI, CIO Insight 2008

Trends for 2009

DLP!
Data Monitoring
Mobile Security
NAC Your Text here Your Text here

32

Trends In The Israeli Information Security Market 2008

Trends In The Israeli Information Security Market 2008

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Trends In The Israeli Information Security Market 2008

Ähnlich wie Trends In The Israeli Information Security Market 2008 (20)

Mehr von Shahar Geiger Maor

Mehr von Shahar Geiger Maor (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Trends In The Israeli Information Security Market 2008