A recent survey of IT managers and security specialists in the 451 Alliance network reveals key trends in the sizzling information security space. Users weighed in on their biggest challenges, as well as key infosec projects and vendors, in a wide variety of security categories.

 
 

Report Highlights

Top Pain Points. Survey participants cite user behavior and phishing as their top two information security pain points. User behavior has been the top security concern for three years in a row.

Infosec Leaders. Security vendors with the strongest market presence (in terms of in-use installations) include Microsoft, Cisco and Symantec. Other vendors, such as AWS, Check Point, Fortinet, McAfee and Palo Alto Networks, also posted strong showings.

Endpoint Security. Of the many categories of infosec products, endpoint security is emerging as one of the most critical for 451 Alliance members, accounting for 20% of enterprises’ total information security budgets.

 
 

Pain Points

There’s no shortage of pain points for IT managers in the information security space. However, the majority of the top headaches do not relate to external threats such as malware/ransomware and data theft; rather, they’re about personnel and budget issues.

 
 
[Figure: Top 10 Infosec Pain Points]

Beyond the top 10 pain point issues, a minority of IT managers cite a number of other information security headaches, including (in descending order):

  • Identity/access management
  • Malicious software (e.g., malware/ransomware)
  • Mobile security
  • Data classification
  • Data loss/theft
  • Open source security
  • Asset management
  • Firewall/edge network security
  • IoT security

Key Projects

To alleviate the pain, IT managers and security specialists have prioritized a number of infosec projects.

 
 
[Figure: Top 10 Infosec Projects in next 12 months]

In addition to these top project priorities, 451 Alliance members also cite the following areas of focus for the coming year (in descending order):

  • Application security
  • Firewall management and refresh
  • Identity/access control initiatives
  • Intrusion detection/prevention
  • Patch management
  • Incident response
  • Data classification
  • Encryption

To determine project prioritization and secure upper management approval, security professionals rely largely on risk-assessment reports, in addition to compliance requirements and specific business requirements.

Given the breadth of information security projects, it’s no surprise that 87% of the organizations increased their security budgets this year, with an average budget increase of 22%.

 
 

Leading Vendors

451 Alliance members were also asked to identify their primary vendors in a wide variety of critical information security categories.

Firewalls. Not surprisingly, Cisco (cited by 35% of the survey participants) topped the list in this category, followed closely by Palo Alto Networks, Check Point, Fortinet and Juniper Networks to round out the top five.

Web content filtering. The leaderboard in this category is similar to the leaderboard in firewalls: Cisco, Fortinet, Check Point, Palo Alto Networks and, in a tie, Forcepoint and Zscaler.

Among 451 Alliance companies, 71% have deployed web content filtering, with another 8% planning to do so within the next 12 months.

Vulnerability management. Qualys and Tenable led in vulnerability management deployments (including scanning), followed by McAfee, Rapid7 and Symantec. It’s interesting to note that 16% of the enterprises in the survey use open source software for vulnerability management.

Within the next year, 93% of enterprises will be using vulnerability management products/services.

Encryption/key management. For application and file encryption/key management, Microsoft was the hands-down leader (cited by 59% of the participants), with Gemalto, AWS, Thales and Micro Focus rounding out the top five, albeit with only single-digit in-use percentages for each vendor.

About half of the surveyed companies currently use encryption/key management, while another 20% will implement it within the next year.

Intrusion detection/prevention systems. The top five IDS/IPS vendors were:

  • Cisco
  • Palo Alto Networks
  • Check Point
  • McAfee
  • Fortinet and Symantec (tied)

Enterprise mobility management. Microsoft led the pack in EMM (with a 42% in-use percentage), followed by VMware, MobileIron, Cisco and Citrix.

Less than half (48%) of the surveyed enterprises use EMM today, but another 25% have deployment in their near-term plans.

Information security awareness training. About 30% of the companies in the survey use internally developed applications and practices for infosec awareness training, but about 25% of the companies also cited either KnowBe4 or SANS Institute as key providers in this category.

Web application firewalls. F5 Networks, Fortinet and AWS are the top in-use vendors for WAF, followed by Imperva, Citrix and Cloudflare.

WAF is in use at 55% of the 451 Alliance companies; an additional 5% plan to deploy it within 12 months.

Identity as a service. Microsoft is the leader in IDaaS (cited by 53% of the companies), followed distantly by Okta, RSA, Ping Identity and CA Technologies.

Less than half (46%) of the surveyed enterprises leverage IDaaS today, but adoption will exceed 60% by mid-2020.

Data leakage/loss prevention. The top DLP vendors were:

  • Symantec
  • Microsoft
  • McAfee
  • Forcepoint
  • Sophos and Varonis (tied)

Surprisingly, only 32% of enterprises use DLP, but another 21% plan to deploy it within the next year.

Email security. Microsoft topped the list in this category (with a 46% in-use percentage), followed distantly by Cisco, Trend Micro, Proofpoint and Symantec.

Network isolation/microsegmentation. This category is dominated by Cisco and VMware, with Microsoft, AWS and Illumio also getting mentions.

Only 35% of the 451 Alliance companies (mostly large enterprises) use this emerging technology, but another 33% plan to deploy it in the next year, indicating a rapid increase in adoption.

 
 

Endpoint Security

One of the topics that generated the most interest among 451 Alliance IT managers and security specialists was endpoint security, which accounts for 20%, on average, of enterprises’ total information security budget (and was eclipsed only by spending on network security).

In a sign of the growing importance of the technology, 39% of the surveyed organizations plan to increase spending on endpoint security over the next 12 months, while only 5% plan to decrease spending.

Spending on endpoint security is accelerating rapidly, in part due to staff mobility between network environments (both on-premises and cloud) and the rise of IoT. Endpoint security solutions range from basic telemetry collection for analysis to full lifecycle protection, detection and response – sometimes integrated into a single platform.

The top five endpoint security vendors were (in descending order):

  1. Symantec
  2. McAfee
  3. Microsoft
  4. Trend Micro
  5. Cisco

Other vendors in endpoint security include smaller players such as Sophos, Carbon Black, CrowdStrike, ESET, Cylance (acquired by BlackBerry), Palo Alto Networks, Kaspersky Lab, Webroot (acquired by Carbonite this year), F-Secure and Cybereason.

Due to the diversity and rapid proliferation of endpoint devices, many enterprises wind up with multiple endpoint security vendors. Although 23% have standardized on a single vendor, 39% have two vendors, 18% have three vendors and 19% have four or more endpoint security vendors.

Despite the number of vendors and tools available to secure endpoints, devices still get compromised by threats such as malware or ransomware. Although many companies increasingly rely on endpoint security tools to automatically ‘clean up’ compromised devices, many enterprises still need to ‘pull’ (retrieve) and re-image the devices.

 
 
[Figure: Compromised Endpoints]

Who handles endpoint security within an organization depends in part on the size of the organization. At larger enterprises, the security operations (SecOps) team or senior security manager is in charge, while at smaller companies the desktop/IT team is often responsible for endpoint security. The following figure shows responses across organizations of all sizes.

 
 
[Figure: Who uses endpoint security products?]

Awareness of (and focus on) endpoint security will continue to ramp up as more and more users bring mobile devices into the corporate environment. The other key driver behind endpoint security spending will be the proliferation of IoT projects and devices.