APTs first came on the scene in 2010, creating a wave of fear, hype, and activity. Many organizations increased their spending on information security and believed they were making progress, but ESG research indicates that nearly half of enterprise organizations are still regularly compromised by modern malware. While there is no single solution to this problem, CISOs can improve the efficacy of their threat defenses and security operations by integrating security intelligence into their security technologies and infrastructures. Webroot, a security intelligence leader, is partnering with a number of security device vendors to offer a strong combination of modern malware defenses and integrated security intelligence.
The malware threat landscape is getting worse and many large organizations continue to suffer security breaches as a result. Why? Enterprises often lack the right security skills and their current defenses and security analytics are no match for increasingly sophisticated and stealthy targeted attacks. Fortunately, large organizations recognize these gaps and are increasing security budgets to bolster malware prevention, detection, and response. To benefit from these investments as soon as possible, CISOs should improve malware knowledge, invest in security analytics, and deploy modern anti-malware technologies on networks and hosts.
The primary objective of this ESG research study was to survey security professionals working at enterprise organizations (i.e., 1,000 employees or more) in order to better understand their opinions, experiences, and skills as they pertain to modern malware. Furthermore, ESG wanted to understand how large organizations are preventing, detecting, and responding to malware attacks on a regular basis and what, if anything, is changing.
Company can build on current offering, upset the endpoint security market, and benefit from enterprise security trends.
Enterprises must address the historical separation of organizations and tools with an integration strategy.
Great vision, but IT skills, baggage, and intransigence present major obstacles ahead.
Israeli company provides new opportunities for product sales and enterprise integration.
Transition to an enterprise security technology architecture driven by a multitude of problems rather than one major event.
Security pros need to know what’s happening on endpoints and the network at all times.
Check Point, Cisco, IBM, and McAfee are in the best position.
Web application security testing products and services generally fall into one of two categories—static application security testing (SAST) or dynamic application security testing (DAST)—but some vendors have begun to offer integrated suites of both sets of tools. While some IT and security professionals are quite interested in purchasing SAST and DAST from a single vendor, others purposefully avoid doing so. This brief investigates the interest levels in single-sourcing SAST and DAST, as well as the drivers and inhibitors to this approach.
Basic communications and safeguards are often overlooked.
Mobility and consumerization are having a hard and fast impact on IT. We are no longer in a “command and control” world in which IT dictates which tools employees use (hardware as well as software): More end-users are choosing their own hardware platforms and software applications in lieu of the IT-sanctioned business tools provided by their companies, and IT is sprinting to catch up. These end-users are looking to tackle issues like data sharing, portability, and access from multiple intelligent endpoint devices, creating a conundrum for IT as it needs to balance business enablement, ease of access, and collaborative capacity with the need to maintain control and security of information assets.
Enhances enterprise architecture and adds anti-malware, security intelligence, and forensics.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188