Research

Abstract:

It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.

Abstract:

ESG conducted an in-depth survey of 220 cybersecurity professionals concerning their organizations’ usage of, experiences with, and future plans for cybersecurity services. Survey participants represented small (50 to 99 employees), midmarket (100 to 999 employees), and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

This research report reveals how cybersecurity service providers can answer IT’s call for help with advisory, implementation, incident, outsourcing, testing, and specialty services, and also covers purchasing trends.

Abstract:

Malware, phishing, and data theft occur through domain name system (DNS) lookups. DNS security (DNSSEC) is well understood for the secure resolution of these lookups. Managed DNS services using the DNS threat vector for visibility and controls are becoming a desired offering. In a recent ESG survey on cybersecurity services, respondents selected DNS security services as one of the top services engaged in the last 12-18 months. Respondents also called out the need for managed security service providers (MSSPs) to provide DNS security in their offerings.

Abstract:

Sophos announced that it acquired Rook Security and entered the managed detection and response (MDR) market. Channel consideration was of paramount concern in the go-to-market strategy. Sophos’ entrance into MDR will help address a growing requirement in its customer base. Sophos must execute integration, customer retention, and partner success in lock step to achieve its “cybersecurity evolved” goal of creating “an intelligent, integrated system.”

Abstract:

Insight Partners announced on May 30, 2019 that it will acquire Recorded Future for $780M. In a broad market of threat intelligence competitors, Recorded Future shines brightly because of its “all-source” approach. ESG fully expects Recorded Future to expand geographically and continue broadening integrations and partnerships. It must also protect its existing relationships as it grows to the next level.

Abstract:

Risk management services have existed for a long time but have traditionally focused more on business risk generally than security risk specifically. As corporate directors, boards, and executives see more damage done from cyber-attacks, the risk conversation has escalated. But performing cyber risk assessments is hard given architectural complexities, the migration to cloud, and the ever-advancing adversary.