Date post: 23-Jan-2018
Category: Technology
Upload: forescout-technologies-inc
© 2015 ForeScout Technologies, Page 2
• How well are IT security managers’ needs being met?
– Collaboration between IT security systems
– Automation of security controls
– Continuous monitoring and mitigation
• Finding: Huge gulf between expectation and reality
[Slide graphic labels: FIREWALL, SIEM, ATD, ENDPOINT, EMM, VA, PATCH]
Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks”, Neil MacDonald and Peter Firstbrook, 12 February 2014, refreshed November 19, 2014
“The end result should not be 12 silos of disparate information security solutions. The end goal should be that these different capabilities integrate and share information to build a security protection system that is more adaptive and intelligent overall.”
Figure 1. The Four Stages of an Adaptive Protection Architecture
Source: Gartner (February 2014)
• 345 corporate executives and consultants with information security responsibility
• North America
• Diverse industries: Technology, financial, government, healthcare, education, manufacturing, utilities, retail
“How many security systems (such as, antivirus, mobile device management, vulnerability assessment, firewall,
intrusion prevention, web security, email security, encryption, SIEM, data loss prevention, etc.) do you own?”
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
13 or more security systems
“Disregarding your SIEM (if you have one), how many of your security and IT management systems directly share
security-related context or control information with one another?”
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
1 to 3 directly share security-related context
“How many of your existing security systems (such as, vulnerability assessment, network behavior analysis, etc.)
and risk analysis systems (such as SIEM solutions) can mitigate risk/threats or remediate problems?”
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
1 to 3 can mitigate risks or remediate problems
“How helpful would it be if your IT security and management systems were to share information about devices,
applications, users, and vulnerabilities on your network?”
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
95%: “Helpful or Very Helpful”
“How helpful would it be if the majority of your security systems and risk analysis systems were linked to
automated security controls, such as firewalls, network access control or patch management systems?”
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
93%: “Helpful or Very Helpful”
1. Current state
– Many different IT security systems are being used
– Information sharing between systems is rare
– Automated mitigation is rare
2. Desired state
– Strongly desire more information sharing
– Strongly desire more automated mitigation
The Gap Is Huge
“More integrated controls would help our IT organization identify, investigate, respond and resolve security incidents”: 97%
“Automated security controls would have allowed us to avoid a compromise or reduce the impact of the compromise that we experienced in the last year”: 57%
“Automated security controls will help prevent future compromise”: 78%
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
“Are your security processes (e.g. assessment and patching) mainly done on a periodic basis (weekly, monthly,
etc.) or mainly done continuously?”
“Continuous”: 43%
“Is your organization planning to shift your security processes toward more continuous monitoring and mitigation?”
“Planning to shift toward continuous in the next 12 to 24 months”: 64%
Answers were obtained by SC Magazine as part of 2015 IT Security Collaboration Market Study.
IT Security Managers
• Strongly want IT security products to share information
• Strongly want IT security products to automatically mitigate threats
• Continuous monitoring and mitigation

Reality
• Very few IT security products share information
• Very few products automatically mitigate
• Slightly less than half of organizations practice continuous monitoring

GAP