Research

Abstract:

Web applications are critical resources for companies conducting business with their clients. These companies can't afford to have these applications unavailable or compromised due to a cyber-attack. As a result, most organizations have made web application security one of their top cybersecurity priorities, and in many cases, the top priority. In doing so, companies are transitioning away from dedicated security tools that are proving to be inadequate in preventing attacks on multiple fronts. Integrated web application and API security protection (WAAP) platforms are fast becoming an attractive option for organizations.

Abstract:

Business applications are the lifeblood of enterprises. Protecting them from various forms of attacks are first and foremost on the minds of security teams. Dedicated application security tools designed to prevent specific types of attacks are proving inadequate and contributing to tool sprawl. As a result, the security market is moving toward integrated web application and API protection (WAAP) platforms that combine four critical types of protection: WAF, DDoS mitigation, bot management, and API security.

Abstract:

In the face of an increasingly complex threat landscape and acute shortage of cybersecurity professionals, security teams spend a large portion of their time on emergency issues instead of on continuous improvement of security strategy. Organizations are taking steps to bolster operations with the use of advanced analytics, a wider application of the MITRE ATT&CK framework, and increased utilization of managed security services. Security professionals also report that their organizations still need more investment in personnel, technology, and services. The upshot: Security spending will continue to increase in 2023, regardless of economic pressures.

Abstract:

The complexity and scope of the threat landscape, coupled with an acute shortage of security skills, is driving organizations of all sizes to increase their reliance on managed security services. The shift will require both parties to sharpen their skills: Security organizations will need to become more adept in contract management and division of labor, while managed security service providers (MSSPs) must scale and customize their offerings.

Abstract:

Hybrid and multi-cloud usage in organizations continues to be pervasive as more organizations turn to a cloud-first strategy, but organizations still plan on hosting business apps on-premises for the foreseeable future. Though this trend is larger than just end-user computing and desktop virtualization, it signals the need for flexibility when it comes to delivering workloads to support the digital workspace.

Research Objectives

Determine the extent to which organizations are pursuing a UCaaS solution to help consolidate communication channels and aggregate collaboration applications. Understand the common tipping point for stakeholders to consolidate the multiple existing communication and collaboration platforms into a UCaaS solution. Gain insights into what matters most for IT operations, LoB executives, and end-users, as well as what may be slowing down UCaaS investment. Gauge buyer preferences for the capabilities, economics, and business value of a UCaaS solution.

Abstract:

The 2023 Technology Spending Intentions Survey from Enterprise Strategy Group indicates that organizations focused on rapidly developing and deploying cloud-native applications use DevOps and agile software development methodologies more frequently than others. This implies that being cloud-native is as much about embracing iterative methodologies as it is about the technology. The survey findings also suggest that an organization’s use of cloud-native applications and its level of adoption of agile methodologies can have a substantial impact on its digital transformation journey and maturity.

Research Objectives

Cyber-threat intelligence (CTI) is analyzed information about cyber-threats that helps inform security decision making. Although security professionals recognize the value of cyber-threat intelligence, many organizations still consume it on a superficial basis. Rather than collect, process, analyze, and disseminate cyber-threat intelligence to internal stakeholders, they simply look to cyber-threat intelligence for indicators of compromise (IoCs) like malicious IP addresses, web domains, and files that could be blocked by firewalls, email gateways, and endpoint security tools. Unfortunately, an IoC-based approach to CTI is extremely limited as adversaries can easily change IoCs, thus circumventing security controls, signatures, and blocking rules. Recognizing these limitations, most organizations have established CTI teams to gain a better understanding of the cyber-threats, adversaries, and attacks with the potential to disrupt business operations or steal sensitive data. This is the right decision, but establishing a productive CTI program isn’t easy. CTI program success depends upon a lifecycle approach spanning five phases:

1.      Planning and direction.

2.      CTI collection.

3.      Processing.

4.      Analysis and production.

5.      Dissemination and feedback.

Mature CTI programs formalize this lifecycle approach, gain a thorough understanding of adversary behavior, and respond with appropriate countermeasures. Immature CTI programs are fraught with waste, overhead, and constant questioning of program results and value. Are organizations establishing mature CTI programs? What are the key success factors? In order to gain insights into these trends, TechTarget’s Enterprise Strategy Group surveyed 380 cybersecurity professionals at organizations in North America (US and Canada) with knowledge of and participation in their organization’s CTI programs.

Research Objectives

Determine the current state of cyber-threat intelligence (CTI) programs. Identify the stakeholders using cyber-threat intelligence and for what purposes. Highlight CTI program challenges and strategic plans. Determine the behavior and use cases of mature CTI programs.

Abstract:

Communication and collaboration platforms directly affect employee experience, productivity, and engagement, which brings them to the attention of IT professionals and executives.

Explore notable data points from Enterprise Strategy Group's study of these technologies with this infographic.

Abstract:

It's more important than ever that business-critical data is available, but there is still a problematic misunderstanding about the responsibility for protecting SaaS data.

See fresh research into this market dynamic with the infographic, Data Protection for SaaS.