Advanced organizations are most likely to favor network information security over server security.
Hackers are rattling an assortment of web application windows and doors to find a way in.
Hackers growing more creative, attentive, and persistent.
Mobile computing presents an opportunity to get things right if CISOs approach it with the right strategy.
Next Week’s Open Network Summit may signal a new era in networking equipment.
Nearly half of midmarket and enterprise organizations plan to increase their information security spending in 2013, and only a small number of these organizations expect decreased information security budgets this year. In addition to investigating organizations’ plans to spend in areas such as network security, advanced malware detection and prevention, and mobile device security, ESG also considered the impact of the ongoing security skills shortage on organizations’ security initiatives.
In order to assess the market for web application security testing tools and services, including static application security testing (SAST) and dynamic application security testing (DAST) tools, processes, policies, and services, ESG surveyed 200 IT and information security professionals working at midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America.
Rapid innovation in product intelligence, data sharing, visualization, and useability will separate leaders from posers.
ESG sees big data information security analytics solutions evolving along a continuum.
Does information security analytics qualify as big data? Considering the challenges involved in capturing, processing, storing, searching, sharing, analyzing, and visualizing all of the data that an organization collects from log files, external intelligence feeds, and other sources, this question is clearly answered as many organizations say that security data collection and analysis would be considered big data within their organizations today. ESG defines the term “big data” as follows: In information technology, big data is defined as a collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications.
Purchasing behavior and information security organization focus has broad market implications.
FireEye, Imperva, Palo Alto Networks and SilverTail success stories driving more interest in funding information security startups.
Good concept but questions remain about timing and vendor motivation on software-defined networking (SDN) and network security.
In spite of marginal progress, privileged accounts remain vulnerable. Why? Sophisticated cyber attacks like APTs take advantage of informal processes, weak security controls, and monitoring limitations to target administrator accounts, compromise their systems, and gain access to valuable IT assets. Tactical changes don’t go far enough. Rather, CISOs need to think in terms of a privileged account security architecture offering central control, management, monitoring, and oversight of privileged accounts for IT assets throughout the enterprise.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.
© 2015 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188