Robert Richardson Editorial Director SearchSecurity.com Can Your Budget Reshape Your Threat Landscape? 1
A Tiny Bit of History 2
Yay! Firewalls! 3
2014 Survey Demographics 459 Total NA Respondents What best describes your role at your workplace? IT/Security/Risk Executives 24.5% Mid-Level Manager 13.6% IT/ Security Staff 22.7% Network/ Systems Admin 23.4% Non-IT Business Executive 3.7% Non-IT Business/Finance manager or staff Employee Size 12.9% 25,000+ 7% 10,000-25,000 7.6% 5,000-9,999 18.1% 1,000-4,999 9% 500-999 17.5% 100-499 15.1% 10-99 12.9% Under 10 Experience 11.5% 50.2% 10+ years 19.3% 6-10 years 16.3% 3-5 years 8.5% 1-2 years 5.8% Less than a year What industry do you work in? Financial Services 19.7% Government 16.3% IT-related Manufacturing/Distribution/Srvcs 9.5% Health Care/Pharmaceutical 8.5% Consulting 7.8% Education 6.4% Non-IT Manufacturing/Distribution/Srvcs 6.4% Communications/Telecom 2.7% Entertainment/Hospitality/Travel 2.7% Retail/Wholesale distribution 2.4% Energy/Utilities 2.4% Transportation/ Automotive 2.0% Legal 1.4% Publishing/Broadcast Media 1% 4
90% in charge of evaluation and purchase What is your role in your company's security product purchasing decisions? (Choose all that apply.) 61% 63% 28% 34% Purchase Specify Evaluate Recommend
45% expect budget increases in the next 12 months Is your security budget in 2014 expected to: 19% 16% 27% Only 3% will have budgets decrease in 2014 26% 10% 1% 1% 1% 6
31% plan to increase spending on Antivirus/Antimalware in 2014 Compared to 2013, how will your spending on antivirus/antimalware change in 2014? No change Increase Decrease Don't know 0% 10% 20% 30% 40% 50% 60% 7
Top Antivirus/Antimalware technologies: What antivirus/antimalware technologies are you using? Select all that apply. Desktop Server Mobile None 5% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 8
Is static signature scanning effective? NOT effective Effective 9
Antivirus Do you obtain your antivirus capabilities as part of a larger suite of endpoint or other security tools? NO- 27% YES-73% 10
Top Antivirus/Antimalware technologies to add in 2014: What antivirus/antimalware technologies will you add in 2014? Select all that apply. Mobile 37% Server 30% Desktop 29% Reducing use of antivirus 5% Discontinuing 1% 0% 5% 10% 15% 20% 25% 30% 35% 40% 11
Antivirus sometimes good, sometimes bad 12
Antivirus sometimes good, sometimes bad Detection of new viruses at first encounter was generally less than 5% 13
Top Security purchasing priorities for the next 12 months For which of the following product categories are you evaluating to purchase in the next 12 months (Select all that apply) Email Security Remote Access Intrusion Detection and Prevention Data Loss Prevention Mobile security (mobile device management) Wireless LAN security Identity and Access Management Authentication (Tokens, Smart Cards, Biometrics)/ SSO Application/Software Security (including static and dynamic Web application Firewalls / Next-Generation Firewalls Endpoint Protection Products Encryption Vulnerability Management Firewalls and other network security products not yet Don't know Database Activity Monitoring Security services implemented in the cloud Policy/Risk Management Software Mobile products (such as specific handsets) Products that secure cloud infrastructure SIEM DDoS mitigation tools/services NAC Software Defined Networking (SDN) security tools UTM Email Security #1 for 2014 0% 5% 10% 15% 20% 25% 30% 35% 40% 14
Mobile and Cloud security are new top priorities for security professionals Rank the top 5 security problems or challenges at your organization. Compliance Mobile device security Cloud security risks Preventing viruses and worms Patching vulnerabilities before they are exploited Combating phishing scams Preventing hackers and external cybercrime Web application security Detecting targeted, persistent attacks Securing wireless LANs Insider threats Simplifying management of multiple threat management Vendor/business partner security Cloud security moved up from 7 th last year. Virtualization platform risks 0 100 200 300 400 500 600 700 800 15
Mobile and Cloud security are new top priorities for security professionals Rank the top 5 security problems or challenges at your organization. Compliance Mobile device security Cloud security risks Preventing viruses and worms Patching vulnerabilities before they are exploited Combating phishing scams Preventing hackers and external cybercrime Web application security Detecting targeted, persistent attacks Securing wireless LANs Insider threats Simplifying management of multiple threat management Vendor/business partner security Virtualization platform risks 0 100 200 300 400 500 600 700 800 16
Mobile and Cloud security are new top priorities for security professionals Rank the top 5 security problems or challenges at your organization. Compliance Mobile device security Cloud security risks Preventing viruses and worms Patching vulnerabilities before they are exploited Combating phishing scams Preventing hackers and external cybercrime Web application security Detecting targeted, persistent attacks Securing wireless LANs Insider threats Simplifying management of multiple threat management Vendor/business partner security Virtualization platform risks 0 100 200 300 400 500 600 700 800 17
Top Mobile Security initiatives in 2014: Rank the top three mobile security initiatives at your company in 2014: Authentication Antivirus/antimalware Mobile application security Encryption Policy enforcement Policy development Data exfiltration prevention Remote wipe GPS tracking 0 50 100 150 200 250 300 350 18
ios doesn t get malware, interesting. Source: Kaspersky Labs 19
All that malware has to be user installed Source: Kaspersky Labs 20
The new drive-by? Source: Avast 21
Using, planning to use or evaluating: Mobile Device Management (MDM) Are you currently using, planning to use, or evaluating mobile device management (MDM) technology? Evaluating MDM 29% No plan to use MDM 22% Using MDM now 19% 36% are currently evaluating or implementing an MDM technology in 2014. Implementing MDM in the next 12 months 8% 0% 5% 10% 15% 20% 25% 30% 22
Using, planning to use or evaluating: Mobile Application Management (MAM) Are you currently using, planning to use, or evaluating mobile application management (MAM) technology? Evaluating MAM Using MAM now Implementing MAM in the next 12 months 33% are currently evaluating or implementing an MAM technology in 2014. No plan to use MAM 0% 5% 10% 15% 20% 25% 30% 23
Mobile Security: True or False: I think that mobile security products and services will eventually become just another feature in broader endpoint security products. False 9% True 91% 24
31% plan to increase spend on Laptop/Desktop/Drive Encryption in 2014 Compared to 2013, how will your spending on laptop/desktop/drive encryption change in 2014? No change Increase Decrease Don't know 31% plan to increase spend on Laptop/Desktop/Drive Encryption in 2014 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 25
OpenPGP keys soaring (but so what?) Source: SKS-keyservers.net 26
Top Encryption technologies in 2014: What encryption technology will you add in 2014? Select all that apply. Laptop full-disk encryption Mobile Email Laptop file encryption Database Desktop or Server Full Drive None 0% 5% 10% 15% 20% 25% 30% 35% 40% 27
Code Review: 1 in 5 of our reader s are looking to play in this field! Are you currently using, planning to use, or evaluating commercial dynamic or static source code review tools? Evaluating source code review tools Using source code review tools now Implementing source code review tools within the next 12 months 20% are currently evaluating or implementing commercial dynamic or static source code review tools in 2014. No plan to use source code review tools 0% 5% 10% 15% 20% 25% 30% 35% 28
Will you incorporate Big Data Analytics in 2014? Will you apply Big Data analytic tools as part of your security operations? Don't believe it is useful for my organization Currently evaluating Waiting to see if it seems useful to others Plan to use Already use 32% are currently evaluating or planning to use Big Data Analytics tools in 2014. 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 29
Using, planning to use or evaluating: Security as a Service (Cloud-based) Are you currently using or planning to use Security as a Service? (Cloud-based security services that can be used to secure in-house or cloud-based assets.) Evaluating Security as a Service now 35% Using Security as a Service now Implementing Security as a Service now 4% 17% 39% are currently evaluating or implementing Security as a Service (Cloud services) in 2014. No plan to use Security as a Service 45% 0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50% 30
Top SaaS Security Services in 2014: What SaaS security services would you be inclined to use? (Select up to 3) Email security Business continuity and disaster recovery Data loss prevention (DLP) Encryption Web security Firewall management Ethical hacking/penetration testing Intrusion detection/prevention Identity services DDoS protection Vulnerability management Data tokenization Software vulnerability assessment SIEM/Log management services Email Security #1 for 2014 0% 5% 10% 15% 20% 25% 30% 31
45% of our audience are planning on deploying Application-Aware Firewalls in 2014 Are you planning on deploying application-aware firewalls in the next 12 months?(also called "next-generational firewalls") No, we don't use application-aware firewalls Yes, for granular application control Yes, but only for basic port filtering 45% are planning on deploying Application- Aware Firewalls in 2014. 0% 10% 20% 30% 40% 50% 60% 32
Robert Richardson Editorial Director SearchSecurity.com Thanks! I m: @cryptorobert rrichardson@techtarget.com 33