ESG Research Report: Securing the Identity Perimeter with Defense in Depth

Abstract:

The core tenet of a zero trust strategy is least-privilege access. Yet, organizations continue to rely on user and machine identities that are susceptible to compromise, abuse/misuse, and theft. Risk is compounded by over-permissive, static access rights that provide little to no visibility into who and what is using access and how. Vaguer is how identities are being/should be monitored and protected. Availability of modern, cloud-managed identity services is widespread. Yet organizations have been slow to pivot their security programs from traditional endpoint, network, and SecOps to an approach that focuses on identity orchestration and experiences, which is dynamic and distributed. Where there are no perimeters, a multitude of identity verification services and managed identity services exist.

In order to gain insights into these trends, ESG surveyed 488 IT and cybersecurity professionals personally responsible for identity and access management programs, projects, processes, solutions/platforms, and services at large midmarket (500 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).

Topics: Cybersecurity Identity and Access Management

ESG Brief: The Demise of EDR?

Abstract:

As a top investment priority for security organizations, detection and response programs are entering a significant transition as attack surface expansion and threat complexity drive the need for more comprehensive visibility, detection, and response. The extended detection and response (XDR) movement has spawned a plethora of new solution offerings capable of detecting advanced threats by aggregating, correlating, and analyzing telemetry from endpoints, networks, the cloud, and identities together with a new level of more extensive threat intelligence. What impact – if any – do IT and cybersecurity teams anticipate XDR having on their current endpoint detection and response (EDR) solutions?

Topics: Cybersecurity XDR

ESG Brief: Microsoft Makes Gains in Endpoint Security

Abstract:

As expanding device diversity, zero trust, and extended detection and response initiatives drive organizations to reassess endpoint security solution investments, security teams are looking to replace existing tools with more capable, converged platforms. Significant advances in Microsoft's native endpoint security prevention, detection, and response capabilities, together with attractive bundling and pricing options, have propelled a meteoric rise in the popularity of Microsoft Defender for Endpoint over the past two years. While many intend to use Defender as a core component within their endpoint security arsenal, many still plan to supplement, potentially spawning a new opportunity for other security providers to deliver specialized add-on solutions.

Topics: Cybersecurity endpoint security

ESG Research Report: Enterprise Resource Planning Ecosystem Trends

Abstract:

In order to gain insight into the current ERP landscape, including upgrade plans, business drivers, key features, purchase influencers, and deployment models, among others, ESG surveyed 193 qualified respondents at organizations in North America (US and Canada) personally responsible for their organization’s ERP systems and with significant knowledge of the associated plans and budgets.

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Brief: A Network-focused Approach to SASE

Abstract:

Secure access service edge (SASE) offers opportunities for both networking and security, but in most organizations the security and networking teams still operate independently. This independence means enterprise strategies for pursuing SASE may often be focused either on networking or security. It should be noted, however, that some organizations are starting with a converged approach. Depending on who is leading the SASE initiative, priorities may differ. This brief will focus on the nearly one-third of organizations taking a network-focused approach to SASE implementation.

Topics: Cybersecurity Networking network security

ESG Infographic: The State of Data Privacy and Compliance

Abstract:

The IT ecosystem is overburdened by seemingly endless new governmental regulations and today's increasingly distributed environments.

Topics: Cybersecurity Data Protection

ESG Brief: Cybersecurity Spending Trends for 2022

Abstract:

IT spending is accelerating in 2022, and cybersecurity initiatives are leading the charge as enterprises race to digitally transform and satisfy heightened customer expectations while simultaneously securing hybrid workforces. Among the top cybersecurity areas targeted for increased spending are cloud security, data security, network security, and endpoint security—indicative of a more holistic approach to cybersecurity investments. Although organizations face a range of cyber-threats, ransomware continues to be among the most challenging attack types, making ransomware readiness a top business priority that’s prompting senior leaders to participate in ransomware strategies.

Topics: Cybersecurity IT Spending Intentions

ESG Research Report: The State of Data Privacy and Compliance

Abstract:

ESG conducted research on the state of data privacy, compliance, and security to better understand the maturity of data privacy and compliance programs, understand the challenges facing organizations when it comes to data security technologies, and examine the use of traditional data loss/leak prevention, emerging data security technologies, and privacy-enhancing technologies (PETs). The survey was completed by 304 business and technology professionals at midmarket (i.e., 100 to 999 employees) and enterprise (i.e., 1,000 or more employees) organizations across North America (United States and Canada).

Topics: Cybersecurity Data Protection

ESG Infographic: Security Hygiene and Posture Management

Abstract:

Disjointed tools and manual processes are creating an unacceptable level of cyber-risk for many organizations.

Topics: Cybersecurity

ESG Complete Survey Results: Security Hygiene and Posture Management

Abstract:

ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between August 3, 2021 and August 14, 2021. To qualify for this survey, respondents were required to be IT and cybersecurity professionals responsible for evaluating, purchasing, and utilizing products and services for security hygiene and posture management (i.e., vulnerability management, asset management, attack surface management, security testing tools, etc.).

This Complete Survey Results presentation focuses on security posture management strategies today, including how organizations are addressing challenges and improving programs, how security and IT operations teams cooperate on all security posture management activities, and priorities associated with security posture management in the coming 12-18 months.

Topics: Cybersecurity