the state of network security: 2018 to 2019 · 2019-07-24 · network security still commands...

benchmarks

The State Of Network Security: 2018 To 2019Benchmarks: The Security Architecture And Operations Playbook

by Heidi SheyNovember 27, 2018

LiceNSed for iNdividuaL uSe oNLy

fOrreSTer.cOm

Key TakeawaysNetwork Security Still commands Significant Budget, But With The Barest Leadin 2018, network security remains the largest slice of the security technology spending budget at an average of 11%, but just barely. and 45% of security decision makers expect to increase spend here in 2018.

Network Security Is One Of The core components Of Zero Trusta comprehensive approach to Zero Trust consists of multiple pillars, including network, workload, data, and workforce/people security. Technologies that enable segmentation, network analysis and visibility (Nav), and security automation and orchestration (Sao) are also critical, and security pros should consider them core Zero Trust pillars.

S&r execs must continue To Invest In People, Not Just Technology And ServicesLack of staff and availability of security staff with the right skills (specifically, security operations) is a consistent challenge. as firms continue to compete for skilled staff, they must invest in skills and career development for their current security teams and augment with third-party expertise where it makes sense to do so.

Why read This reportThis data-driven report outlines budgeting and spending, security group responsibilities, network security technology, and services adoption in North american and european organizations for 2018 to 2019. understanding these trends and their implications will help security and risk (S&r) executives examine and adjust their resources for their enterprises’ security architecture and operations strategies.

This Pdf is only licensed for individual use when downloaded from forrester.com or reprints.forrester.com. all other distribution prohibited.

2

5

9

12

13

© 2018 forrester research, inc. opinions reflect judgment at the time and are subject to change. forrester®, Technographics®, forrester Wave, Techradar, and Total economic impact are trademarks of forrester research, inc. all other trademarks are the property of their respective companies. unauthorized copying or distributing is a violation of copyright law. [email protected] or +1 866-367-7378

forrester research, inc., 60 acorn Park drive, cambridge, Ma 02140 uSa+1 617-613-6000 | fax: +1 617-613-5000 | forrester.com

Table of contents

Post Breach, Firms Increase Spending And See More Requirements

Network Security Still Tops The Security Tech Budget (Just)

Network Security investment focuses on Prevention and detection

Key Network Security and operations Technologies comprise one Part of Zero Trust

Augment Technology With Well-Trained Security Experts

recommendations

Use Benchmarks As A Starting Point For Your Own Analysis

Supplemental Material

related research documents

Gauge your ZTX Security Maturity

Now Tech: ddoS Mitigation Solutions, Q2 2018

The Zero Trust eXtended (ZTX) ecosystem

for SecuriTy & riSK ProfeSSioNaLS

The State Of Network Security: 2018 To 2019Benchmarks: The Security Architecture And Operations Playbook

by Heidi Sheywith Stephanie Balaouras, Madeline cyr, and Peggy dostie

November 27, 2018

Share reports with colleagues. enhance your membership with research Share.

http://www.forrester.com/go?objectid=RES136187



http://www.forrester.com/go?objectid=BIO1192

http://www.forrester.com/go?objectid=BIO1123

For Security & riSk ProFeSSionalS

The State Of Network Security: 2018 To 2019november 27, 2018

© 2018 Forrester research, inc. unauthorized copying or distributing is a violation of copyright law. [email protected] or +1 866-367-7378

2

Benchmarks: The Security Architecture And Operations Playbook

Post Breach, firms increase Spending and See More requirements

from facebook’s continuous data privacy blunders to new revelations about equifax’s massive consumer breach, privacy abuses and breach revelations continued to reach new heights and impact in 2018. a malicious insider threat breach at Tesla attempted to disrupt business operations, while under armor’s MyfitnessPal breach left 150 million user accounts exposed.1 We used the forrester analytics Global Business Technographics® Security Survey, 2018, to identify notable breach and attack trends in 2018 among North american and european security decision makers. We found that:

› most breaches were the result of external incidents. for our respondents, the most common type of breach in the past 12 months was an external attack directly on their organization (see figure 1). of the respondents who suffered an external incident directly, 36% said it occurred via a web application, 35% cited software exploits, and 26% experienced ddoS attacks.

› malicious internal attacks remain a problem. insiders (i.e., employees) who have access to your data or systems are a risk to your organization. Some 55% of our respondents who experienced a breach due to an internal incident reported the cause as reported intentional abuse of access rights from current or former employees; 38% reported accidental or inadvertent misuse by employees; and 7% reported a combination of both. detecting insider threats is a challenge due to employees’ inside knowledge of systems, access to sensitive data, and companies’ overall lack of effective internal monitoring.2

› external attacks on business partners and suppliers are increasing. your business partners, contractors, and suppliers are also insiders, especially if they have access to your firm’s systems or data as part of your relationship. More than one-fifth of breaches that survey participants reported this year were due to an attack on a supplier or business partner. While S&r pros focus on their own firm’s defenses, their efforts to assess third-party risk and set security requirements for business partners and suppliers may fall short — and attackers benefit from this source of vulnerability.

› european and North American firms face similar consumer reactions from breaches. in the past, european firms reported a greater likelihood of suffering brand damage and loss of revenue after a breach than North american firms did. However, in 2018, the two regions are statistically on par. overall, more than half of respondents increase security spending following a breach; nearly half shift their security strategy (see figure 2). Threat intelligence capabilities see the highest spending boost as a reaction to breaches, with prevention technologies and security monitoring following close behind.3 When it comes to shifting their security strategy, respondents most often add regular evaluations or discussions of security and privacy and hire additional iT security staff.




3


fIGUre 1 external attacks are The Leading cause of confirmed Breaches

External attack41%

Internal attack22%

Third-partyincident

21%

Lost/stolen asset15%

Causes of confirmed breaches in the past 12 months

In these cases, 36% were caused by a web application attack, 35% by software exploits, and 26% by DDoS.*

In these cases, 55% were attributed to abuse and malicious intent, 38% to inadvertent misuse and accidents, and 7% to a combination of both.

Base: 1,147 breaches con�rmed by North American and European network security decision makers whose �rms have had a security breach in the past 12 months (20+ employees)

Note: Percentages do not total 100 due to rounding.

Multiple responses accepted.

Source: Forrester Analytics Global Business Technographics® Security Survey, 2018

*




4


fIGUre 2 Security Breaches result in increased Spending and Shifts in Strategy

“What has changed at your �rm as a result of the breaches occurring in the past 12 months?”

Respondents that have increased spending for the following areas after a breach*

58%

48%

49%

24%

18%

51%

41%

47%

25%

17%

Spending increase

Personnel changes

Focus/strategy shift

Brand damage

Revenue hit

North America(N = 210)

Europe(N = 201)

18%15% 15% 14%

12%

Increasedspending onprevention

technologies

Increasedspending on

network detectiontechnologies


incidentresponseprograms


threat intelligencecapabilities

Increasedspending

on securitymonitoring(e.g., SIEM)

Base: North American and European network security decision makers whose �rms have had a security breach in the past 12 months (20+ employees)

Base: 411 North American and European network security decision makers whose �rms have had a security breach in the past 12 months (20+ employees)


*




5


Network Security Still Tops The Security Tech Budget (Just)

in 2012, security teams allocated 24% of the security technology budget to network security.4 in 2018, network security still accounts for the largest slice of the budget but only just: respondents report spending an average of 11% of the budget on it, while data security and cloud security each attract 10%. Looking ahead, 45% of decision makers expect to increase spending on network security, while 7% expect to decrease spending (see figure 3). overall, network security and data security budget allocations have decreased and then leveled out in recent years while other categories of spending — like mobile security, identity management, risk and compliance management, and ioT security — demand greater attention. although cybersecurity budgets may be increasing as a whole, the proportion of the budget allocated to specific areas has shifted, specifically away from solely perimeter-based solutions, and is spread across more categories.

fIGUre 3 Network Security remains The Leading area of information Security Technology investment

Network security

Data security

Cloud security

Security operations

Client threat management

Risk and compliance management

Security analytics

Application security

Internet-of-things (IoT) security

Content security

Threat intelligence

Key infosec technology areas of investment

Base: 875 to 899 North American and European security decision makers (20+ employees)

Base: 1,640 North American and European security decision makers (20+ employees)Source: Forrester Analytics Global Business Technographics® Security Survey, 2018

*

11%Mean percentage of infosec technology budget allocatedto network security in 2018

45% of respondents expect to increase their network security tech budgets from 2018 to 2019.*

7% of respondents expect to decrease their network security tech budgets from 2018 to 2019.*




6


Network Security Investment focuses On Prevention And Detection

Network security typically involves significant investment once organizations factor in the cost of equipment plus maintenance and value-added services. in 2015, network security investment leaned more heavily toward bolstering prevention capabilities.5 While prevention is still important, it’s not the only measure. in 2018, respondents are doing more to balance their investment between prevention and detection capabilities to enable a faster response to anomalous activity and threats. as S&r pros determine whether to build, buy, or source their capabilities, we find that:

› Wireless security and network access control (NAc) solutions see growth. Today, 61% of security decision makers are implementing or expanding implementations of wireless security technologies and Nac solutions; a further 19% plan to do so in the next 12 months. These solutions can approximate or bolster ioT-specific solutions; 31% of respondents are implementing these or expanding implementations.6 other technologies seeing high levels of investment are next-generation firewalls (NGfWs), intrusion prevention systems (iPSes), and security information management/security analytics (see figure 4).7

› As-a-service investments focus on both basic and advanced capabilities. Security analytics/SiM and mobile security are top growth categories for network security services. for example, 54% of our respondents are implementing or expanding implementations of security analytics/SiM as-a-service offerings; 53% say the same for mobile security services. email content security is the most popular service, showing that firms value the maturity of this capability and are continuing to invest here. interest in web application firewall services is also strong, demonstrating the importance of protecting web apps (see figure 5).

› collaboration yields the most value with mSSPs. forrester has encountered many security leaders retaining managed security services providers (MSSPs) to make security “someone else’s problem.” That approach doesn’t work. Successful MSSP engagements are force multipliers, not force replacements, and require months of advance planning so that MSSP capabilities integrate seamlessly into established organizational processes. MSSPs add the most value when maximizing their technical expertise for clients. Work with your technical account manager to ensure that your MSSP is acting as an extension of your established security team, is flexible with customizations, and provides extra context/details behind alerts and threat intelligence.8




7


fIGUre 4 adoption Plans for Network Security and Security operations Technologies

Implementing/implemented Expanding/upgradingimplementation

Planning to implementwithin the next 12 months

Base: 820 North American and European network security decision makers (20+ employees)

Note: Percentages have been rounded.


Wireless security

Network access control (NAC)

Intrusion prevention system (IPS)

Network analysis and visibility (e.g., RSASecurity Analytics, Solera, or Cisco StealthWatch)

Security information management (SIM)/security analytics (e.g., HP ArcSight, RSA

Netwitness Suite IBM QRadar, or LogRhythm)

Next-generation �rewall(e.g., Palo Alto Networks, a layer 7 �rewall)

Standalone advanced malware detection (e.g.,Trend Micro Deep Discovery, FireEye NX/EX)

Security automation and orchestration

Internet-of-things (IoT) security

40%

39%

35%

36%

33%

35%

36%

35%

21%

20%

17%

19%

20%

18%

17%

18%

18%

19%

17%

21%

21%

23%

21%

19%

20%

20%31%

“What are your �rm’s plans to adopt the following network security and security operations technologies?”




8


fIGUre 5 adoption Plans for as-a-Service Security offerings and approaches

Planning to implement withinthe next 12 months

Expanding/upgradingimplementation

Implementing/implemented

Base: 820 North American and European client security decision makers (20+ employees)

Note: Percentages have been rounded.


40%

37%

38%

35%

38%

34%

34%

37%

35%

35%

18%

19%

18%

19%

19%

20%

19%

19%

19%

19%

17%

18%

17%

18%

16%

19%

20%

17%

18%

17%

Web application �rewall

Network �rewall monitoring or management

Web �ltering

Mobile security

Cloud workload security (IaaS, PaaS)

Email content security (e.g., email �ltering)

Security analytics/SIM

Identity and access management

Server security(i.e., physical or virtual workloads)

Log monitoring or management

“What are your firm’s plans to adopt the following ‘as-a-service’ securityofferings/approaches?”




9


Key Network Security And Operations Technologies comprise One Part Of Zero Trust

Bring-your-own-device, ioT, and cloud have introduced a massive area of potential compromise for networks and enterprises. it’s time to focus on defending what matters: the data. The Zero Trust Model eliminates the idea of a trusted network regardless of whether it’s internal or external and stipulates that technology architects must design the network from the inside out.9 This requires a holistic approach that focuses on key pillars (your workloads, network, devices, and workforce) to protect your data, supported by visualization and orchestration capabilities. Key network security and operations technologies that are a part of this approach include:

› Solutions to enable segmentation. if you isolate your sensitive systems and data into a series of network segments, then a breach of the network won’t give cybercriminals or malicious insiders free rein across the entire environment. you can enforce the segments with hardware or software that can granularly control network access, like next-generation firewalls from cisco and Palo alto Networks or software solutions from cyxtera Technologies, illumio, and vMware. even solutions for identity management and governance are important here because they help to reinforce segmentation by limiting users’ access to apps and data in a given segment.10

› Solutions to provide network analysis and visibility. These tools enable you to visualize the types of activities taking place on the internal network as well as the external network. currently, 52% of global security decision makers have implemented Nav tools, while 51% have done the same for security analytics (Sa) in order to gain centralized visibility across the environment for quick threat detection and resolution.11

› Solutions to help with security automation and orchestration. it’s still early days for security automation and orchestration (Sao) tools, which currently allow for different security technologies to talk to each other, orchestrate processes, and automate parts of workflows that don’t require a human analyst.12 forrester expects Sao tools to gain widespread adoption by 2019, as security teams struggle to keep pace with cyberthreats, manage a complex technology environment, and hire experienced staff.13

augment Technology With Well-Trained Security experts

Security technologies and tools are important, but they’re only one aspect of defense. With 2 million job openings in cybersecurity by 2020, a dedication to recruiting and retaining staff is critical.14 in most organizations, the human side of security doesn’t get the attention it deserves.15 unfortunately:

› The lack of skilled technical staff is a major challenge . . . in 2018, 24% of security technology decision makers found the lack of staff a challenge, while 21% said the unavailability of security employees with the right skills is a challenge.16 When we asked what specific skills are most needed in their organizations, respondents across industries said that security operations and




10


malware analysis skills are in the highest demand today, followed by digital forensics and incident response (see figure 6). even though technologies like automated malware analysis tools are in use today, firms still require security professionals to interpret, analyze, and use these tools.

› . . . as is finding staff with business acumen. Technical skills aside, risk management, fraud management, and privacy expertise are also desired skills: More than 25% of security decision makers who said that the unavailability of security employees with the right skills is a challenge for their firm indicated that they needed these skills. Security staff must be able to assess, manage, and effectively communicate the potential impact of security risks and threats for the business as well as getting all stakeholders and employees in an organization engaged and aware of security protocols and best practices.17




11


fIGUre 6 Security Skills are in High demand

Base: 53 to 138 North American and European security decision makers who indicate that unavailability of security employees with the right skills is a challenge for their �rm (20+ employees)Note: Base sizes vary by industry.Source: Forrester Analytics Global Business Technographics® Security Survey, 2018

Man

ufac

turin

gRet

ail a

nd w

hole

sale

Busin

ess

serv

ices

and

cons

truct

ion

Fina

ncia

l ser

vice

s

and

insu

ranc

ePub

lic s

ecto

r and

heal

thca

re

Privacy expertise

Penetration testing

Identity and access management

Mobile security

Event analysis and triage

Malware analysis/reverseengineering

Digital forensics and incidentresponse

Application security

≥40%

Programming, scripting knowledge(Python, Pearl, JavaScript, etc.)

42%

38% 36%

37%

Fraud management expertise

Risk management expertise

Security operations (e.g., devicecon�guration; policy maintenance)

Threat intelligence capabilities

Virtualization; cloudinfrastructure expertise

38%

36%

35%-39%

30%-34%

16%-29%

≤15%

Malware analysisand securityoperationsskills are in thehighest demandacross industries.

35% 47%

39%

36%

39% 49%

36% 35%

“What specific types of skills and experience are most needed in your organization today?”(The top three response options for each industry are shown)

36%

34%

34%

34%




12


recommendations

use Benchmarks as a Starting Point for your own analysis

The data in this report provides a view of what North american and european SMBs and enterprises are investing in and plan to invest in for network security and building Zero Trust networks. However, each organization is unique due to its size, industry, long-term business objectives, and tolerance for risk. While it’s helpful to see what other firms may be spending and doing, it’s critical that S&r executives not become slaves to the data. consider this benchmark as a guide, where the key trends and takeaways seen can serve as a starting point for analysis of your own budget and technology adoption plans for network security.

Based on the network security trends we’ve identified for 2018 to 2019, S&r pros must:

› evaluate how network security technology investments support Zero Trust principles. you don’t have to rip and replace your existing network infrastructure to make Zero Trust a reality for your organization. Make smarter technology upgrade decisions; for example, consider how software-based approaches to microsegmentation can help create secure perimeters or enclaves of your most sensitive workloads. view network technology investments through a Zero Trust enablement lens. and if you can use a platform capability to enable Zero Trust principles, do it. The use of integrated technology within the platform helps you avoid a frankenstein approach of cobbling together capabilities.

› Assess capabilities for hunting insider threats. data theft is an inside job, or rather, it often appears that way because of privileged access to sensitive information. after all, an external attacker will often masquerade as an insider. Technology alone won’t be enough. you’ll also need to understand people’s motivations and behaviors, and develop processes to help identify insider threats.18

› examine security skills and expertise gaps for future needs. assess capabilities of your in-house team, managed security services provider (if applicable), and vendor resources.19 develop a plan and budget for augmenting skills on your security team, as well as developing adjacent and upcoming talent in your technology workforce.20 determine where it would make more sense (from a practical and financial standpoint) to rely on the expertise of a third-party provider.




13


Supplemental Material

Survey methodology

The forrester analytics Global Business Technographics Security Survey, 2018, was fielded between May and June, 2018. This online survey included 3,089 respondents in australia, canada, china, france, Germany, the uK, and the uS.

forrester analytics’ Business Technographics ensures that the final survey population contains only those with significant involvement in the planning, funding, and purchasing of business and technology products and services. research Now fielded this survey on behalf of forrester. Survey respondent incentives include points redeemable for gift certificates.

Please note that the brand questions included in this survey should not be used to measure market share. The purpose of forrester analytics’ Business Technographics brand questions is to show usage of a brand by a specific target audience at one point in time.

engage With an analyst

Gain greater confidence in your decisions by working with forrester thought leaders to apply our research to your specific business and technology initiatives.

forrester’s research apps for iOS and Android.Stay ahead of your competition no matter where you are.

Analyst Inquiry

To help you put research into practice, connect with an analyst to discuss your questions in a 30-minute phone session — or opt for a response via email.

Learn more.

Analyst Advisory

Translate research into action by working with an analyst on a specific engagement in the form of custom strategy sessions, workshops, or speeches.

Learn more.

Webinar

Join our online sessions on the latest research affecting your business. each call includes analyst Q&a and slides and is available on-demand.

Learn more.

http://www.forrester.com/app

http://forr.com/1einFan

http://www.forrester.com/Analyst-Advisory/-/E-MPL172

https://www.forrester.com/events?N=10006+5025




14


endnotes1 See the forrester report “The eight Business and Security Benefits of Zero Trust.”

2 detecting insiders requires a defined process and a focused team in addition to detection technologies. See the forrester report “Best Practices: Mitigating insider Threats.”

3 for figure 2, we grouped responses to the question “What has changed at your firm as a result of the breaches occurring in the past 12 months?” into five categories: 1) “focus/strategy shift” includes “additional security and audit requirements,” “security and/or privacy are regularly evaluated/discussed,” “added required 2-factor authentication for all employees,” and “offered optional 2-factor authentication for customers”; 2) “Spending increase” includes “increased spending on detection technologies (e.g., rSa NetWitness, carbon Black, Mandiant Mir),” “increased spending on prevention technologies,” “increased spending on incident response programs,” “increased spending on threat intelligence capabilities,” “engaged with a breach notification services provider (e.g., allclearid, experian),” and “increased spending on endpoint detection technology”; 3) “Brand damage” includes “bad publicity,” “greater difficulty attracting new customers,” and “concerns about the impact on our brand/reputation”; 4) “Personnel changes” includes “switched security vendors or service providers,” “switched iT auditors,” “laid off employees,” “increased spending on or hired external iT support,” and “hired additional iT security staff”; and 5) “revenue hit” includes “lost customers” and “lost business partners.”

4 Source: forrester analytics forrsights Security Survey, Q2 2012. See the forrester report “understand The State of Network Security: 2012 To 2013.”

5 Source: forrester analytics Global Business Technographics Security Survey, 2015. See the forrester report “understand The State of Network Security: 2015 To 2016.”

6 See the forrester report “Techradar™: internet of Things Security, Q1 2017.”

7 Source: NGfWs can contain iPS functions, yet demand for standalone iPS is still high because of Pci requirements and because it’s a core proactive protection technology. for example, NGfWs and their capability for layer 7 inspection are one component of ensuring you have the right level of protection in place to combat ransomware attacks. See the forrester report “ransomware Protection: five Best Practices.”

8 See the forrester report “Lessons from The forrester Wave™: MSSPs, North america, Q3 2016.”

9 The old model of perimeter security no longer applies, and the constant parade of breach events further highlights the need for Zero Trust, a data-centric model of information security. See the forrester report “The Zero Trust eXtended (ZTX) ecosystem.”

10 See the forrester report “The forrester Tech Tide™: Zero Trust Threat Prevention, Q3 2018.”

11 Source: forrester analytics Global Business Technographics Security Survey, 2018. See the forrester report “The forrester Wave™: Security analytics Platforms, Q3 2018.”

12 Sao tools promise to automate repeatable, manual tasks to enable faster response and free up security analysts for higher-value work as well as enable faster response. See the forrester report “The Top Security Technology Trends To Watch, 2017,” see the forrester report “reduce risk and improve Security Through infrastructure automation,” and see the forrester report “Now Tech: Security automation and orchestration (Sao), Q3 2018.”

13 These factors are finally forcing S&r pros to seek out security automation solutions to increase effectiveness and to speed threat response in security operations. in this report, we examine five breakout vendors that you should consider as you move forward with your security automation and orchestration (Sao) strategy. See the forrester report “Breakout vendors: Security automation and orchestration (Sao)” and see the forrester report “rules of engagement: a call To action To automate Breach response.”

14 See the forrester report “Best Practices: recruiting and retaining Women in cybersecurity.”

























15


15 over time, outdated skills; stagnated thinking; and complacency in security personnel, the security group, and the organization itself become a threat to the business. it’s time for S&r leaders to invest in themselves, their staff, and all employees because employees — not technologies — are the ones responsible for security strategy design, implementation, and behavioral change. for more information, see the forrester report “Maintain your Security edge.”

16 Source: forrester analytics Global Business Technographics Security Survey, 2018.

17 See the forrester report “enable Secure communications To Protect data and Privacy.”

18 This report describes how to build an insider threat program. See the forrester report “Best Practices: Mitigating insider Threats.”

19 See the forrester report “The forrester Wave™: emerging Managed Security Services Providers (MSSPs), Q3 2018” and see the forrester report “The forrester Wave™: Global Managed Security Services Providers (MSSPs), Q3 2018.”

20 See the forrester report “Best Practices: recruiting and retaining Women in cybersecurity.”








We work with business and technology leaders to develop customer-obsessed strategies that drive growth.

Products and services

› core research and tools › data and analytics › Peer collaboration › analyst engagement › consulting › events

Forrester research (nasdaq: Forr) is one of the most influential research and advisory firms in the world. We work with business and technology leaders to develop customer-obsessed strategies that drive growth. through proprietary research, data, custom consulting, exclusive executive peer groups, and events, the Forrester experience is about a singular and powerful purpose: to challenge the thinking of our clients to help them lead change in their organizations. For more information, visit forrester.com.

client suPPort

For information on hard-copy or electronic reprints, please contact client support at +1 866-367-7378, +1 617-613-5730, or [email protected]. We offer quantity discounts and special pricing for academic and nonprofit institutions.

Forrester’s research and insights are tailored to your role and critical business initiatives.

roles We serve

Marketing & Strategy ProfessionalscMoB2B MarketingB2c Marketingcustomer experiencecustomer insightseBusiness & channel strategy

Technology Management Professionalscioapplication development & deliveryenterprise architectureinfrastructure & operations

› security & risksourcing & vendor Management

Technology Industry Professionalsanalyst relations

142234

the state of network security: 2018 to 2019 · 2019-07-24 · network security still commands...

Documents