Organizations may use static, dynamic, or other types of testing tools to validate the security of their web applications, but does all that testing really make a difference? According to ESG research, it does. This research brief looks at the relationship between the use of application security testing tools and the confidence levels that organizations report about the security of their web applications.
Best solutions will collect, process, analyze, and correlate data in three key areas.
Mainstream enterprises need algorithms, intelligence, automation, and collaboration to succeed.
Strong vision, but Cisco must back it up with competitive products, sales/marketing, and user education.
Loss of IT control requires more security oversight, policy management, enforcement and analytics.
Pointing the cybersecurity finger at China won’t solve our problems.
Privacy aside, is this program really worthwhile?
The balance of security processes and skills is lopsided in most organizations. Network security trumps server security at most organizations in a number of ways, from IT experience to the common perception that networks simply require more expansive security efforts than servers. ESG investigated the state of network and server security at midmarket and enterprise organizations, and considered the ramifications for organizations that expend more security resources on their networks at the expense of their servers.
Combination offers benefits for risk management, incident detection, and improved security efficiency.
Push for standards, continuous monitoring, and security automation may encourage industry and commercial sector collaboration and support.
Threats, compliance, and legal requirements driving forensics into the mainstream.
ESG’s Market Landscape Report defines the information security analytics market and includes coverage of 21 vendors. Due to the rapidly changing nature of this emerging market, ESG is making the report available on a complimentary basis for a limited time.
IBM paper suggests changes are needed in cybersecurity education to address this silent problem.
Piecemeal approach won’t work – Federal government mobile computing planning provides a good example of what will.
Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
© 2016 by The Enterprise Strategy Group, 20 Asylum Street, Milford, MA 01757 508.482.0188