Nearly half of midmarket and enterprise organizations plan to increase their information security spending in 2013, and only a small number of these organizations expect decreased information security budgets this year. In addition to investigating organizations’ plans to spend in areas such as network security, advanced malware detection and prevention, and mobile device security, ESG also considered the impact of the ongoing security skills shortage on organizations’ security initiatives.
In order to assess the market for web application security testing tools and services, including static application security testing (SAST) and dynamic application security testing (DAST) tools, processes, policies, and services, ESG surveyed 200 IT and information security professionals working at midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America.
Rapid innovation in product intelligence, data sharing, visualization, and useability will separate leaders from posers.
ESG sees big data information security analytics solutions evolving along a continuum.
Does information security analytics qualify as big data? Considering the challenges involved in capturing, processing, storing, searching, sharing, analyzing, and visualizing all of the data that an organization collects from log files, external intelligence feeds, and other sources, this question is clearly answered as many organizations say that security data collection and analysis would be considered big data within their organizations today. ESG defines the term “big data” as follows: In information technology, big data is defined as a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications.
Purchasing behavior and information security organization focus has broad market implications.
FireEye, Imperva, Palo Alto Networks and SilverTail success stories driving more interest in funding information security startups.
Good concept but questions remain about timing and vendor motivation on software-defined networking (SDN) and network security.
In spite of marginal progress, privileged accounts remain vulnerable. Why? Sophisticated cyber attacks like APTs take advantage of informal processes, weak security controls, and monitoring limitations to target administrator accounts, compromise their systems, and gain access to valuable IT assets. Tactical changes don’t go far enough. Rather, CISOs need to think in terms of a privileged account security architecture offering central control, management, monitoring, and oversight of privileged accounts for IT assets throughout the enterprise.
Technology and innovation got all the attention at RSA 2013 while information security service providers can’t keep up with demand.
The recent wave of information security breaches has gotten attention from the corner office. CEOs and corporate boards are now willing to invest more time and attention in cybersecurity but they are also demanding better visibility, monitoring, and oversight of IT risk so they can make informed and timely investment decisions. Unfortunately, CISOs are hamstrung by legacy security tools which collectively generate huge volumes of data but can’t consolidate and report on this data in a way that is meaningful to the business stakeholders. What’s needed? A next-generation security management architecture built for scale, integration, automation, and business/IT analytics.
FireEye, Palo Alto Networks, and new cybersecurity requirements were buzzing at RSA 2013.
The information security industry is improving but many don’t understand the principles of security or their customers.
The information security industry is trending in the right direction but more work lies ahead.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2014 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188
Enter your email address, and click subscribe