A Custom Technology Adoption Profile Commissioned By Trend Micro
April 2014

Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions

Introduction

Advanced attacks on an organization's digital assets often leverage multiple vectors, spanning network, endpoint, web, and email systems. Security professionals who adopt point product technologies, such as endpoint antivirus, often find limited success when these tools lack a holistic view of their environment. In order to succeed in an increasingly sophisticated threat landscape, organizations prefer to adopt single-vendor solutions that span multiple layers of their infrastructure. Organizations that adopt such solutions generally experience a number of operational, financial, and security benefits. Additional value can be achieved when a combination of proactive and reactive technologies can be sourced on a per-user basis, delivered either on-premises or through a hosted service.

This Trend Micro-commissioned profile of North American, European, and Asia Pacific IT security decision-makers from companies with 100 to 5,000 employees evaluates the current endpoint security solution market based on Forrester's own market data, and a custom study of the same audience.

Major Challenges Remain For IT Security Professionals

Organizations are constantly under attack from increasingly advanced cyber adversaries. Hacking groups, operating under a range of motivations, employ highly coordinated campaigns that leverage web, email, and network vectors to often drop malware on the user endpoint or steal user credentials. Phishing is often used in conjunction with network and endpoint attacks in order to trick unsuspecting employees into clicking on infected attachments or giving the attackers valuable data such as their user credentials. In fact, according to Forrester's Forrsights Security Survey, Q2 2013, 29% of all breaches involved phishing at some point during the attack campaign.
Additionally, the malware used in these attacks is increasing in sophistication, employing advanced evasion and obfuscation techniques to avoid detection from traditional antivirus methods. Organizations are acutely aware of these trends, with three-quarters of security professionals rating the evolving nature of threats as a top challenge (see Figure 1). Security operational challenges persist as well, with day-to-day tactical duties and IT environmental complexity presenting significant challenges to 64% and 61% (respectively) of security professionals.

FIGURE 1
A Majority Of Orgs Experience Challenges With Evolving Threats And Security Operations

"Please rate the following IT security challenges in your firm:"
(Each row: Challenge / Major challenge)

- Changing/evolving nature of IT threats (internal and external): 44% / 31%
- Day-to-day tactical activities taking up too much time: 43% / 21%
- Other priorities in the organization taking precedence over security initiatives: 39% / 23%
- Complexity of our IT environment: 42% / 19%
- Lack of budget: 35% / 25%
- Lack of staff (the security team is understaffed): 36% / 20%
- Unavailability of security employees with the right skills: 36% / 16%
- Inability to measure the effectiveness of our security program: 39% / 12%
- Lack of visibility and influence within the organization (including difficulty making business cases): 38% / 12%
- Unavailability of products/services that fit our needs: 29% / 10%
- Too many security vendors to manage: 24% / 7%

Base: 1,172 IT security decision-makers at firms with 100 to 5,000 employees
Source: Forrsights Security Survey, Q2 2013, Forrester Research, Inc.

EVOLVING WORKPLACE ENVIRONMENTS INCREASE RISK

Today's workforce has become accustomed to taking their work with them on the road; over half of the security professionals surveyed described their respective organizations as having either moderately or highly mobile workforces. Security pros worry about protecting their mobile devices (smartphones, tablets, laptops) against device loss/theft as well as unsecure network connections. These risks associated with mobile use are compounded by employees' unprecedented access to their organization's sensitive data assets. Fifty-three percent of information workers reported that they have access to customer data, including personal financial information; 40% have access to customer service data and account numbers; while approximately a quarter have access to critical IP and sensitive employee data (see Figure 2).
While mobile devices offer many benefits to an organization, including increased worker productivity and efficiency, security professionals realize the enormous risk they pose regarding sensitive data loss as well as offering malicious parties an additional conduit into the organization's networks.

FIGURE 2
Mobile Workers Have Access To A Host Of Sensitive Resources

"What types of information do you have access to at work, regardless of whether you need to use it for your job or not?"

- Customer data (e.g., names, contact information, credit card data): 53%
- Contracts, invoices, customer orders: 41%
- Customer service data, account numbers: 40%
- Intellectual property belonging to the company (blueprints, designs, formulas, recipes): 29%
- Employee data (e.g., HR data, payroll data): 27%
- Non-public corporate financial information relating to the company: 22%
- None of the above: 20%
- Non-public corporate marketing/strategy plans relating to the company: 18%

Base: 2,302 information workers at firms with 100 to 5,000 employees
Source: Forrsights Devices And Security Workforce Survey, Q2 2013, Forrester Research, Inc.

Security Pros Find Success With An Integrated Approach To Security

Organizations invest in security controls to address threats at every layer commonly targeted by malicious parties (see Figure 3). However, when these systems are protected by separate point products with isolated intelligence analysis/policy engines and management consoles, complexity increases and gaps in security coverage are more likely to present opportunities for exploit by malicious parties. Integrating the security management and analysis within each layer is crucial when protecting against advanced or targeted attacks.

FIGURE 3
Organizations Adopt Security Tools To Address Threats At Multiple Layers

"What are your firm's plans to adopt the following technologies?"
(% represents firms who are reinvesting or planning to invest in the below technologies)

- Mobile security: 64%
- Antimalware: 63%
- Secure web gateway: 56%
- Advanced threat protection: 56%
- Data loss prevention (DLP): 56%
- Endpoint encryption: 56%
- SharePoint security: 55%
- Application control: 52%
- Email security: 49%

Base: 151 global IT security decision-makers from firms with 100 to 5,000 employees
Source: A commissioned study conducted by Forrester Consulting on behalf of Trend Micro, March 2014

A SINGLE-VENDOR APPROACH TO SECURITY DELIVERS MULTIPLE BENEFITS

Single-vendor security ecosystems are more easily able to integrate the management, policy, and intelligence engines across each of the security layers. Concrete operational, financial, and security benefits are reaped as a result, and security pros understand this. In fact, 62% of security decision-makers prefer to source their security technologies from a single vendor versus multiple best-of-breed point solutions [1]. Of those who decide to use a single-vendor ecosystem, survey results show that security pros reported experiencing (see Figure 4):

Reduced operational friction.
Compared to point solutions, single-vendor ecosystems are more likely to offer integrated management consoles with common policy engines across endpoint, web, email, network, and/or server security controls. Subsequently, less time and effort is spent managing the tools and training staff on multiple user interfaces. Survey results back this up: 52% of those security pros who moved to a single-vendor ecosystem reported a reduction of complexity, 47% reported a reduction in time spent managing their products, and 36% reported a reduction in time spent training security staff on their tools. Policy deployment is improved as well; 36% reported that a single-vendor ecosystem leads to a more streamlined method of enforcing policies across multiple security layers.

Reduced cost. Organizations spend a nontrivial amount of time managing vendor relationships and negotiating contracts to get the most value for their money. When multiple security point products are sourced, this compounds the time and effort spent compared to single-vendor negotiations. Additionally, when purchasing multiple security products from the same vendor, organizations are often able to take advantage of suite discounting deals not offered when sourcing multiple point solutions. Survey results highlight these benefits, with 44% of those security pros who source their security products from a single vendor reporting lowered cost and 36% reporting less time spent negotiating with vendors.

Better protection. Thirty-seven percent of security pros who adopted a single-vendor ecosystem reported better protection against advanced threats, with 42% achieving faster response to threats overall. This makes sense; advanced attacks are likely to cross paths with multiple security systems entering the network via multiple vectors. When looked at in isolation, security events created by various point products may seem to be relatively low priority, possibly indicative of mass malware or errant system processes.
However, when taken in the context of the greater attack campaign, those low-priority events may indicate a much more dangerous targeted attack. Single-vendor ecosystems are more likely to offer event analysis across multiple layers of the stack, giving security professionals (and their tools) the ability to see the forest for the trees in the context of an advanced attack campaign.

FIGURE 4
Security Pros Experience Many Benefits With Single-Vendor Ecosystems

"What benefits has your firm realized from adopting a single-vendor portfolio for your security technologies?"

- We reduced complexity: 52%
- Time spent managing the security tools has been reduced: 47%
- We reduced our security technology cost: 44%
- We are able to respond to threats quicker: 42%
- We achieved better protection against advanced attacks: 37%
- Policy deployment has been streamlined: 36%
- Time spent training staff has been reduced: 36%
- Vendor negotiation is more streamlined: 36%
- We didn't see any benefits: 3%

Base: 151 global IT security decision-makers from firms with 100 to 5,000 employees
Source: A commissioned study conducted by Forrester Consulting on behalf of Trend Micro, March 2014

Organizations Look For Flexibility And Depth When Sourcing Single Vendor Solutions

Security pros are tasked with securing an expanding and dynamic list of devices and operating environments, each with varying levels of control and ownership. As trends such as consumerization, virtualization, and BYOD progress within the IT organization, security pros look for technology solutions agile enough to adapt to their changing security requirements. Additionally, as security threats evolve, security pros look for solutions that help protect beyond the basic blocking-and-tackling forms of protection common with many traditional forms of security. When sourcing single-vendor security solutions, security pros specifically look for:

Solutions that combine proactive and reactive protection.
Ninety-four percent of surveyed security pros who use a single vendor for their security technologies feel a combination of proactive and reactive security technologies is important to achieving optimal security conditions (see Figure 5). Traditionally, security and risk (S&R) pros have relied on signature-based antimalware as the focal point of their endpoint protection strategy, but third-party research has shown this approach is far from perfect when protecting against advanced threats [2]. Proactive security tools, such as application control and encryption technologies, help reduce the threat surface of the endpoint environment to a more manageable level without relying on signatures.

Flexibility in licensing. As employees demand access to corporate resources on an expanding set of devices, it is security's job to protect these assets accordingly. Licensing security tools for each of these devices separately can be costly and complicated to manage; for this reason, 65% of security pros reported a desire to license their security technologies on a per-user basis as opposed to a device-based model.

Flexibility in deployment options. An organization's IT environment is rarely static; as the business evolves and requirements change, new security technologies will need to be sourced and integrated into the existing infrastructure. Single-vendor security solutions that can be quickly expanded across physical, virtual, on-premises, and cloud systems without negotiating new terms are ideally suited to operate in modern dynamic IT environments with evolving security requirements. Not surprisingly, 77% of the surveyed security pros operating single-vendor environments rated flexibility as an important criterion when choosing their security solutions.

FIGURE 5
S&R Pros Look For Single-Vendor Solutions Ready To Handle Current And Future Security Requirements

- "How important is the combination of proactive and reactive security controls to achieving optimal security conditions?" (% represents sum of critical to important responses): 94%
- "How important is it to source security technologies based on per-user (as opposed to device-based) pricing?" (% represents sum of very important and important responses): 65%
- "How important is flexibility when deploying a security solution?" (% represents sum of very important and important responses): 77%

Base: 151 global IT security decision-makers from firms with 100 to 5,000 employees
Source: A commissioned study conducted by Forrester Consulting on behalf of Trend Micro, March 2014

Conclusion

While best-of-breed point products may give superior protection from attacks affecting their respective layer of the IT stack, advanced threats rarely operate in isolation, often affecting multiple layers in parallel. Managing policies and taking action across web, email, endpoint, network, and server security layers is complex and requires considerable resources to achieve quickly enough to prevent costly data breaches. For this reason, security pros have found significant success in sourcing multiple security technologies from a single-vendor ecosystem. Vendors that offer a combination of proactive and reactive technologies are in the best position to protect against advanced threats, especially as malware proliferates and becomes harder to detect by traditional blacklist-based methods of protection. Cost savings can also be achieved by sourcing multiple technologies from the same vendor, with added savings gained from solutions that license on a per-user basis across multiple physical and virtual form factors.

Methodology

This Technology Adoption Profile was commissioned by Trend Micro.
To create this profile, Forrester leveraged its Forrsights Security Survey, Q2 2013, and Forrsights Devices And Security Workforce Survey, Q2 2013. Forrester Consulting supplemented this data with custom survey questions asked of global IT security decision-makers from firms with 100 to 5,000 employees. The auxiliary custom survey was conducted in March 2014. For more information on Forrester's data panel and Tech Industry Consulting services, visit www.forrester.com.

Endnotes

1. Forrsights Security Survey, Q2 2013, Forrester Research, Inc.

2. AV-Test and AV-Comparatives.org both report low detection rates (between 65% and 98%, depending on tools used) when using antimalware engines to detect previously unknown malware resident on Windows machines. Visit the following for more information. Source: "Microsoft: Security Essentials," AV-Test, May to June 2013 (http://www.avtest.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5breport_no%5d=132335) and "Retrospective/Proactive test," AV-Comparatives.org, March 2013 (http://www.av-comparatives.org/wpcontent/uploads/2013/08/avc_beh_201303_en.pdf).

ABOUT FORRESTER CONSULTING

Forrester Consulting provides independent and objective research-based consulting to help leaders succeed in their organizations. Ranging in scope from a short strategy session to custom projects, Forrester's Consulting services connect you directly with research analysts who apply expert insight to your specific business challenges. For more information, visit forrester.com/consulting.

© 2014, Forrester Research, Inc. All rights reserved. Unauthorized reproduction is strictly prohibited. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change. Forrester, Technographics, Forrester Wave, RoleView, TechRadar, and Total Economic Impact are trademarks of Forrester Research, Inc. All other trademarks are the property of their respective companies. For additional information, go to www.forrester.com.