The 2016 “Data-Driven Security Unleashed” report is the fourth iteration in the Data-Driven Security series. Each report uses core questions for trending demographics and technology uses, but each report has its own unique focus as well. Beginning in 2015, the report began asking more about key drivers and value. “Data-Driven Security Unleashed” also adapted to the marketspace by replacing some of the previous technologies with emerging or impactful solutions.

EMA used the collected data from 250 respondents to paint the picture of perceived most valuable tools and their use cases, as well as the key drivers to adoption and frustrations users experience. During the course of the research, EMA substantiated that insufficient staff is a problem that is only getting worse; this is not due to budget pressures so much as it is the lack of skilled or qualified personnel available in the market.

In 2015, 68 percent of respondents indicated their organizations were experiencing impacts from staffing shortages. That number rose to 76 percent in 2016. While 35 percent of organizations are hiring less skilled/qualified personnel and training them to meet their needs (up five points from last year), 21 percent are saying they just cannot find personnel (up seven points from 2015). However, though staffing issues were the primary frustration within IT security, the idea that meeting compliance requirements detracts from making real security improvement was introduced, along with the recognition that an organization's lack of repeatable, saleable processes is also a major hindrance. Lastly, though organizations did not complain about false positives to the same level they did last year, they indicated that it is difficult to prioritize remediation of threats and exposures. These changes in focus help vendors understand where improvement was made and where it needs to continue.

One of the most intriguing turnarounds for this year's report was the shift in organizations establishing comprehensive security baselines for their environments. Previous to 2015, the rates of completing comprehensive baselines were almost twice as high as they were in 2015. Those rates correlated with several other areas of questioning, supporting a general drop in security, both in perception and reality.

In 2016's report, there is a dramatic reversal of the results that were trending downward. This supports the conclusion that after the mega-breaches of 2014 and 2015, organizations are applying their budgets to improve security in multiple ways. It will be interesting to see if results in future years support this perception of improvement, identifying 2015 as a year of the perceptions and tooling reset, or if it was just an anomalous year.

Though the average was 47 percent, the enterprise segment was higher by four points and, though lower than expected overall, the finance/banking/insurance industry category was the highest at 61 percent. Education was the laggard at only 33 percent.

Culminating the hypothesis that security is improving, respondents' confidence that they are detecting security issues before they have significant impact on the organization surged from 21 percent in 2015 to 52 percent in 2016, reversing the previous four-year trends. This was not only a 147 percent increase above 2015 levels, but a 68 percent increase over 2012 report levels.

In today's world, security is a primary requirement, not an option. Given the complexity of IT and data movement, attack vectors and proliferation of attack surfaces in applications, storage, systems and networks, security professionals live and die by their skills and tools. Skills are not to be underrated, but it is only through the force multiplication provided by top-of-the-line tools that security can get its due coverage. This is why this report is so valuable: it allows security professionals and management to gain insights from others who have the tools. These are insights into what tools provide value, why they provide the perceived value, and why they do not. The following sections bring out these answers with supporting analysis.

The next four sub-sections offered respondents 16 options and an “other,” asking which capabilities they preferred for achieving a given objective. The capabilities centered on tool functionality, and each respondent was allowed to choose up to three of the 10 provided options. The response options are listed below:

• Access path analysis
• Advanced automated or guided response capabilities
• Attack simulation (multi-step attack simulation)
• Better trend analysis or anomaly detection (reducing false positives)
• Business process integration
• Cross solution integrations
• Data aggregation and correlation
• Enhanced data visualization
• Full endpoint control/interrogation
• Full network packet capture or DPI
• Increased ability to easily aggregate and analyze varied data sources
• Network modeling/visualization of architecture
• Network protocol summary capture (netflow, etc.)
• Risk-based scoring/assessment
• Security policy analysis of security & network devices
• Threat impact assessment
• Other

Out of 18 categories of technology evaluated for best value based on total cost of ownership, a Network Security Policy Management (NSPM) solution like Skybox was the second-highest. This rating is easily understandable when readers recognize the breadth and depth that Skybox provides with its solution.

Sixty-one percent of Data-Driven Security respondents indicated that they received expected value from NSPM solutions like Skybox, while an astounding 31 percent said they received greater than expected value from the solutions. Nineteen percent of the organizations that received greater than expected value also indicated they intended to increase their spend on the solutions.

For access to this complete survey, please click here.

David Monahan
Enterprise Management Associates Research