Joint IDC-The Channel Company Security Survey 2016
Robert Westervelt
Research Manager and
lead of IDC’s Data
Security practice.
Direct: 508.935.4331
Twitter: @rwestervelt
Rob Ayoub, CISSP
Research Director
Security Products and
Solutions, Networking
Security and Security
and Vulnerability
Management
Market Knowledge to Grow Your Business
© IDC Visit us at IDC.com and follow us on Twitter: @IDC 2
IDC-The Channel Company Security Trends
Survey 2016
Threat Landscape & Security Maturity
Security Spending Priorities
Specialized Threat Analysis and Protection
Cloud Security
Guidance
Questions
Talking Points
HACKING
INDUSTRIAL
ESPIONAGE
NATION-STATE ACTIONS
CYBERCRIME
Intelligent Adversaries abound...
They keep on coming…
Feeling better… or worse?
Beware of “The Big Black Hole
Of Security Spending”…
How Mature Are We?
Security Survey Methodology
Copyright © 2015 The Channel Company, All rights reserved.
Web-based quantitative survey conducted by
The Channel Company
Fielded July 8 –
August 3, 2016
352 Overall Qualified Respondents
(Selling security hardware, security software and/or security services to clients)
Joint IDC-The Channel Company
Security Survey Objectives
Measure Security channel
perceptions of opportunity in the
security industry
Identify top risks associated with
channel customer requirements
Identify top channel friendly vendors
that are seizing on enterprise IT
security spending opportunities.
63% 63% 59%
56% 54%
Data Loss Prevention
Modern Network Security
Modern Endpoint Security
Managed Security Services
Upgrade PC/Laptop Security Solutions
Top 5 Customer Priorities Over Next 12 Months
“The 2016
market
tells us…”
Security Spending Priorities:
Ransomware
is disrupting
business.
Attackers are
exploiting human
weaknesses.
Q: Thinking about your customers' security spending priorities during the next 12 months,
please rate each of the following on a scale of 1 to 5, where “1” means “Extremely Low
Priority” and “5” means “Extremely High - Top Priority.”
Focus Shifts To Endpoint, Data Protection
Malware is
evading sig.
defenses
Security Spending Priorities: Focus Shifts To Endpoint, Data Protection
Highest Risks (% of respondents indicating highest customer risk areas) and Top Priorities
Laptop, Workstation Risks (56%): Upgrade PC/Laptop Security Solutions; Modern Endpoint Security
Insider Errors/Lack of Judgment (55%): Data Loss Prevention; Modern Endpoint Security
Mobile Device Risks (43%): Modern Network Security; Web Security
Q: What are the top three (3) high-risk areas within your customer environments?
Q: What are the top three (3) cyber-attacks that your
customer networks are currently experiencing?
Top Corporate Network Cyberattacks
Specialized Threat
Analysis And Protection
Interest & Adoption Of Specialized
Threat Analysis & Protection
Endpoint STAP Products (Endpoint monitoring, system behavioral analysis to detect advanced threats)
Boundary STAP Products (Sandboxing solutions for suspicious file analysis)
Internal Network Analysis STAP Products (Netflow and network traffic analysis to detect and block botnet communication and attacker movement within the corporate network)
6% 6% 5%
5% 3% 3%
12% 9% 6%
14% 24% 20%
23% 22% 28%
20% 17% 14%
19% 19% 23%
(Not at all Interested) 1 2 3 4 5 6 7 (Extremely Interested)
62%
58%
65%
Q: Please rate your customer’s interest and adoption in STAP products and solutions for advanced threat defense on a
scale of 1 to 7 where 1 means customers are Not At All Interested and 7 means customers are Extremely Interested.
Endpoint Visibility File Analysis
Boundary STAP
Detonates suspicious files
in a protected environment
to examine file behaviors.
Determines if file attempts
to change system settings
or communicate with
suspicious servers.
A virtual environment
mirrors an organization.
Internal Network
Analysis
Monitors network flow or
other traffic to discover
suspicious activity.
Network packets provide
source, destination and
application information.
Detect attacker recon
activity, discover internally
spreading malware, and
identify botnet
communication.
Specialized Threat Analysis & Protection
Endpoint STAP
Endpoint client with real-time
monitoring.
Analytics are often
performed at a central server
or in the cloud.
Does not rely on antivirus
signatures.
Behavioral analysis of
memory and application
operations.
Comprehensive Defense Strategy Against Modern Attacks
Network Visibility
Convergence
What Is Driving Interest In STAP?
13
4
2
16
Advanced
Threat Defense
Modernizing
Legacy Solutions
Data Breach
Spending
Compliance
Spending
66%
43%
43%
40%
STAP
Data Security
#1
Endpoint STAP
1. Cisco AMP Endpoint 49%
2. Symantec ATP Endpoint 48%
3. Palo Alto Traps 33%
4. Intel Security 26%
5. Check Point 18%
Carbon Black
Cylance
Crowdstrike
FireEye
Intel
Symantec
Cybereason
Cyphort
SentinelOne
Leaders by Revenue: Most Frequently Included in
Customer Evaluations
and/or Sales Engagements
Carbon Black Acquires Confer
Carbon Black & IBM
Cylance & Dell
FireEye Challenges
Intel, Symantec Catching Up
Landgrab
In Motion
Endpoint STAP: Blending Modern
And Traditional Detection Methods
IP addresses
Domain names
File names, and hashes
Static Indicators – Attacker Behaviors
Behavioral patterns
Machine learning
User activity monitoring
File reputation
Application Whitelisting
Changes to the registry and file system
Detection and Alerting
Response/Forensics
Analysis
Command shell spawned from a
browser and used to modify settings.
Correlate attempts to create, delete or
modify events.
Boundary STAP
1. Cisco AMP Sandbox 40%
2. FireEye 29%
3. Palo Alto Wildfire 27%
4. Symantec ATP 26%
5. Sophos Sandstorm 18%
FireEye
Palo Alto Networks
Trend Micro
FireEye
Cisco
Check Point
Lastline
Leaders by Revenue: Most Frequently Included in
Customer Evaluations
and/or Sales Engagements
Palo Alto Adds Subscriptions
Trend Micro Acquires HP TippingPoint
Symantec Acquires Blue Coat
FireEye Challenges
Widely
Adopted
Internal Network Analysis STAP
1. Cisco-Lancope 67%
2. RSA Netwitness 56%
3. Blue Coat 48%
4. IBM QRadar 28%
5. Arbor Networks 14%
Cisco-Lancope
Fidelis Cybersecurity
IBM QRadar
RSA Netwitness
Symantec-Blue Coat
Arbor Networks
Vectra Networks
Leaders by Revenue: Most Frequently Included in
Customer Evaluations
and/or Sales Engagements
Hexis Sold in Fire sale
Cisco-Lancope Continued Success
Symantec Acquires Blue Coat
Dell Acquires EMC (RSA)
Core Security Buys Damballa
Evolving
Cloud Security
82% 43% 60%
Adoption of Cloud Services
82% of Solution Providers
agreed or strongly agreed
that customers are adopting
secure cloud services such
as file sharing sites, SaaS
messaging solutions – Office
365, Google and others
Connecting, Securing
Mobile Workers
Security is the primary
reason after limited
performance (hard to type,
too small, tasks are too
slow, and so forth) for not
procuring tablets or 2-in-1s.
Increased Risk
60% agree or strongly agree
that adoption of cloud
services has significantly
increased risk throughout
customer organizations
Source: IDC-The Channel Company Security Trends Survey 2016
Cloud Security Adoption: Customer
Preferences
Q: What are your customer preferences for on-premises and
SaaS/cloud SECURITY solutions?
Prefer on-premise security solutions
37%
Prefer cloud
security solutions
21%
Prefer adopting a
hybrid security approach
42%
Cloud, mobility, and Big Data
adoption has increasingly impacted
enterprises' security strategies.
They add complexity and drive
investments in IT infrastructure and
data protection.
The rising number of cyberattacks
and increasing complexities have
led to demand for managed security
services and more sophisticated
security solutions.
Guidance
Identity Mgt:
Managing Users
and other
sources
Threat Mgt:
Monitoring
activities and
events
Trust Mgt:
Designing
security policy
and process
Vuln. Mgt:
Hardening the
systems
3
4
2
1
Q: How Can Solution Providers Help Their Clients?
A: The Four Disciplines
Guidance: Become The Trusted Advisor
Vendor Partnerships: Now is a good time to get attention from
vendors as a landgrab is ongoing for modern endpoint and
network security market share.
STAP Caution: Everyone wants STAP, but it is not for everyone.
Solution providers cannot pigeonhole their customers into
advanced solutions that require skilled security specialists.
Identify next-generation antivirus solutions.
Risk Assessments, Managed Services: IT security skills
shortage requires solution providers to be the augmenters,
providing managed security services and professional security
services.
Create A Security Blueprint: Guide customers through the
security maturity curve. Consider frameworks, such as the “20
Critical Security Controls.”
Question
&
Answer