Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013




Research Report Abstract: Advanced Malware Detection and Protection Trends
By Jon Oltsik, Senior Principal Analyst
With Jennifer Gahm, Senior Project Manager
September 2013
© 2013 by The Enterprise Strategy Group, Inc. All Rights Reserved.

Introduction

Research Objectives

The primary objective of this ESG research study was to survey security professionals working at enterprise organizations (i.e., 1,000 employees or more) in order to better understand their opinions, experiences, and skills as they pertain to modern malware. Furthermore, ESG wanted to understand how large organizations are preventing, detecting, and responding to malware attacks on a regular basis and what, if anything, is changing. To assess these issues, ESG asked 315 security professionals to respond to questions in areas including:

Malware knowledge and opinions: How familiar are security professionals with modern malware? Do they believe that the malware landscape is getting worse? Are their organizations vulnerable to a malware attack? What about their employees?

Direct APT experience: Have enterprise organizations had IT assets compromised by malware over the past few years? How did malware penetrate their networks? What kind of financial and operational damage has been caused by malware attacks? How do organizations detect a malware attack? How long does it take them?

Security processes, skills, and technologies: What are organizations doing to protect themselves from malware today? Where are they strongest and weakest in terms of processes, skills, and technology safeguards? How effective are they at detecting and responding to security attacks? What specific controls are they using to protect their networks and hosts?

Malware responses: Have organizations modified security processes as a direct result of malware? If so, what have they changed? Have organizations made organizational changes as a result of malware? Are organizations increasing security budgets as a result of malware? Have they dedicated dollars to any type of anti-malware budget? Is malware impacting enterprises' security technology plans and strategies? If so, how?

Survey participants represented a wide range of industries including financial services, manufacturing, business services, communications and media, and government. For more details, please see the Research Methodology and Respondent Demographics sections of this report.

Research Methodology

To gather data for this report, ESG conducted a comprehensive online survey of IT and information security professionals from private- and public-sector organizations in North America (United States and Canada) between May 6, 2013 and May 13, 2013. To qualify for this survey, respondents were required to be an IT or information security professional involved in the planning, implementation, and/or operations of their organization's information security policies, processes, or technical safeguards as well as have purchasing responsibility for information technology products and services. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

After filtering out unqualified respondents, removing duplicate responses, and screening the remaining completed responses (on a number of criteria) for data integrity, we were left with a final total sample of 315 IT professionals. Please see the Respondent Demographics section of this report for more information on these respondents.

Note: Totals in figures and tables throughout this report may not add up to 100% due to rounding.

Respondent Demographics

The data presented in this report is based on a survey of 315 qualified respondents. The figures in this section detail the demographics of the respondent base, including individual respondents' current job responsibility, and respondent organizations' total number of employees, primary industry, and annual revenue.

Respondents by Information Security Technology Purchasing Responsibility

Respondents' purchasing responsibility for information security technology products for their organizations is shown in Figure 1.

Figure 1. Survey Respondents by Information Security Technology Purchasing Responsibility
To what degree are you responsible for making purchase decisions related to information security technology products and services? (Percent of respondents, N=315)
I make/approve purchase decisions, 31%
I influence purchase decisions, 69%
Source: Enterprise Strategy Group, 2013.

Respondents by Current Responsibility

Respondents' current job responsibility is shown in Figure 2.

Figure 2. Survey Respondents by Current Job Responsibility
Which of the following best describes your current responsibility within your organization? (Percent of respondents, N=315)
IT staff, 39%
Other, 1%
Senior IT management (e.g., CIO, VP of IT, Director of IT, etc.), 27%
IT management, 33%
Source: Enterprise Strategy Group, 2013.

Respondents by Number of Employees

The number of employees in respondents' organizations is shown in Figure 3.

Figure 3. Survey Respondents by Number of Employees
How many total employees does your organization have worldwide? (Percent of respondents, N=315)
20,000 or more, 30%
1,000 to 2,499, 14%
2,500 to 4,999, 21%
10,000 to 19,999, 17%
5,000 to 9,999, 17%
Source: Enterprise Strategy Group, 2013.

Respondents by Industry

Respondents were asked to identify their organization's primary industry. In total, ESG received completed, qualified respondents from individuals in 19 distinct vertical industries, plus an Other category. Respondents were then grouped into the broader categories shown in Figure 4.

Figure 4. Survey Respondents by Industry
What is your organization's primary industry? (Percent of respondents, N=315)
Other, 20%
Manufacturing, 20%
Communications & Media, 5%
Business Services (accounting, consulting, legal, etc.), 5%
Retail/Wholesale, 9%
Health Care, 11%
Financial (banking, securities, insurance), 17%
Government (Federal/National, State/Province/Local), 14%
Source: Enterprise Strategy Group, 2013.

Respondents by Annual Revenue

Respondent organizations' annual revenue is shown in Figure 5.

Figure 5. Survey Respondents by Annual Revenue
What is your organization's total annual revenue ($US)? (Percent of respondents, N=315)
[Bar chart. Revenue categories: Less than $100 million; $100 million to $249.999 million; $250 million to $499.999 million; $500 million to $999.999 million; $1 billion to $4.999 billion; $5 billion to $9.999 billion; $10 billion to $19.999 billion; $20 billion or more; Not applicable (e.g., public sector, non-profit)]
Source: Enterprise Strategy Group, 2013.

Contents

List of Figures
List of Tables
Executive Summary
  Research Conclusions
Introduction
  Research Objectives
Research Findings
  The ESG Advanced Malware Detection and Prevention Segmentation Model
  The Malware Landscape
  The Security Skills and Knowledge Gap
  Addressing the Growing Malware Threat
  Malware and Endpoint Security
  Security Analytics and Malware Detection
  Advanced Malware Detection/Prevention Network Gateways
  Enterprises Are Responding to Malware Threats
Conclusion
  Research Implications for Security Technology and Services Vendors
  Research Implications for IT and Security Professionals
Research Methodology
Respondent Demographics
  Respondents by Information Security Technology Purchasing Responsibility
  Respondents by Current Responsibility
  Respondents by Number of Employees
  Respondents by Industry
  Respondents by Annual Revenue

List of Figures

Figure 1. Advanced Malware Detection and Prevention Segmentation Model
Figure 2. Advanced Malware Landscape Sentiment
Figure 3. Reasons Driving Increased Threat Perception
Figure 4. Perceptions of Average Organization Malware Vulnerability
Figure 5. Perceptions of Non-technical User Malware Vulnerability
Figure 6. Concerns Associated with Internet Security Risks
Figure 7. Pervasiveness of Successful Malware Attacks
Figure 8. Pervasiveness of Successful Malware Attacks, by the ESG AMDP Segmentation Model
Figure 9. Number of Successful Malware Attacks Suffered in the Last 24 Months
Figure 10. Causes of Malware Attack Success
Figure 11. Causes of Malware Attack Success Analyzed by the ESG AMDP Segmentation Model
Figure 12. Average Amount of Time Taken to Detect Malware Attack
Figure 13. Longest Amount of Time Taken to Detect Malware Attack in the Past Two Years
Figure 14. Staffing and Skill Level of the IT Security Team
Figure 15. Skill Level of the IT Security Team, by the ESG AMDP Segmentation Model
Figure 16. IT Security Team Headcount, by the ESG AMDP Segmentation Model
Figure 17. Familiarity with Modern Malware Aspects/Types
Figure 18. IT and Security Teams' Capabilities with Respect to Addressing Malware
Figure 19. Most Important Malware Detection/Response Tasks
Figure 20. Incident Detection/Response Tasks: Organizations' Strengths
Figure 21. Measures Organizations Are Taking to Support IT Security Team's Malware Needs
Figure 22. Measures Organizations Are Taking to Support IT Security Team's Malware Needs Analyzed by the ESG AMDP Segmentation Model
Figure 23. Familiarity with Lifecycle for APTs and Targeted Attacks
Figure 24. Rating of Organization of Each Phase of the Lifecycle for APTs and Targeted Attacks
Figure 25. Effectiveness of Existing Network Security Technology Controls to Detect/Block Malware
Figure 26. Weakest Area of Security Monitoring for Endpoint PCs
Figure 27. Weakest Area of Security Monitoring for Mobile Endpoints
Figure 28. Host-based Security Software Sentiment
Figure 29. Effectiveness of Current Security Analytics Processes and Technologies
Figure 30. Most Important Types of Data for Use in Malware Detection and Analysis
Figure 31. Types of Analyses Used Today to Detect or Analyze Malware
Figure 32. Steps Organizations are Taking to Help Improve Security Analytics
Figure 33. Steps Organizations Are Taking to Help Improve Security Analytics Analyzed by the ESG AMDP Segmentation Model
Figure 34. Familiarity with Sandboxing Technology
Figure 35. Familiarity with Sandboxing Technology Analyzed by the ESG AMDP Segmentation Model
Figure 36. Deployment of Sandboxing Technology
Figure 37. Effectiveness of Sandboxing Technology
Figure 38. Where Network-based Anti-malware Technology Should Reside
Figure 39. Security Budget Changes over the Past 24 Months in Response to Malware
Figure 40. Allocation of 2013 Budget to New Anti-malware Technologies
Figure 41. Sources of Budget for Anti-Malware Technologies
Figure 42. Planned Changes of Security Technology Strategy Decisions over the Next 24 Months
Figure 43. Survey Respondents by Information Security Technology Purchasing Responsibility
Figure 44. Survey Respondents by Current Job Responsibility
Figure 45. Survey Respondents by Number of Employees
Figure 46. Survey Respondents by Industry
Figure 47. Survey Respondents by Annual Revenue

List of Tables

Table 1. Concerns Associated with Internet Security Risks, by the ESG AMDP Segmentation Model
Table 2. Familiarity with Modern Malware Aspects/Types Analyzed by the ESG AMDP Segmentation Model
Table 3. Familiarity with Modern Malware Aspects/Types Analyzed by the ESG AMDP Segmentation Model
Table 4. Familiarity with APT Lifecycle Analyzed by the ESG AMDP Segmentation Model
Table 5. Host-based Security Software Sentiment Analyzed by the ESG AMDP Segmentation Model
Table 6. Effectiveness of Current Security Analytics Processes and Technologies Analyzed by the ESG AMDP Segmentation Model
Table 7. Deployment of Sandboxing Technology Analyzed by the ESG AMDP Segmentation Model
Table 8. Security Budget Changes over the Past 24 Months in Response to Malware Analyzed by the ESG AMDP Segmentation Model
Table 9. Allocation of 2013 Budget to New Anti-malware Technologies Analyzed by the ESG AMDP Segmentation Model

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change from time to time. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at 508.482.0188.

20 Asylum Street, Milford, MA 01757 Tel: 508.482.0188 Fax: 508.482.0128 www.esg-global.com