The Top Challenges in Network
Security for 2019
A survey of security professionals identifies network security
opportunities, risks and benchmarks
CC BY-SA 4.0 by Bricata
Executive Summary
• Network security is growing more difficult.
64% of respondents say network security is harder this year than
last, and for a range of reasons. This includes the sophistication
of threats, but also the proliferation of IT infrastructure and the
complexity of environments given the changes stemming from cloud,
IoT and BYOD, among others.
• Insider threats and IT infrastructure complexity are the
top challenges.
While insider threats (44%) and IT infrastructure (42%) topped the
list of network security challenges no single topic drew a simple
majority. Lack of leadership support, security technology
interoperability, shadow IT, BYOD and the deluge of security alerts
were among the top 10.
• Too many tools that don’t talk to each other.
Most organizations used between 1-10 tools for the purpose of
network security. About one-third of respondents said these tools
were not integrated, while another 28% said these tools were just
somewhat integrated. No respondents indicated tools in their
environment were completely integrated.
• Network security faces a deluge of alerts and can’t
investigate them all.
About a quarter (26%) of respondents say their organization
receives 1,000 or more security alerts per day. More importantly,
the vast majority (84%) say these require 5 or more minutes each
to triage. “A decent number of false-positives waste quite a bit of
time,” wrote one respondent. “On the other hand, some alerts are
critical, but we are missing vital information, which we then spend
ages trying to locate.” Some admit they just can’t review all
alerts.
• Threat hunting poised for growth.
While just about one-third (32%) say they are doing threat hunting
today – a majority (61%) of respondents believe that threat hunting
will be either more important or much more important in the next
12 months.
• Key network security areas to focus on in the next year.
Security analytics, security integration and behavioral analysis
were the top three areas of security respondents said organizations
should focus on over the next year. Interestingly, collaboration
outranked machine learning and AI as a recommended area of focus.
• Security has a stronger relationship with the business
than it does with DevOps.
Some 34% of respondents said the relationship between security
and DevOps is strong, while 27% said it isn’t. By contrast, 51% of
respondents said the relationship between security and the
business is strong, while 22% said it isn’t.
64% say securing the network is harder or
much harder this year than last.
Network security is growing more difficult
Most respondents (64%) say network security is harder this year than last, while about one-third (32%)
say it’s neither harder nor easier. When asked why in an open-ended question, respondents wrote in
attributing the challenges to several causes:
• “Increasing array of threats and threat vectors, as
more and more computer systems proliferate
throughout offices.”
• “Playing catch up because security wasn't a
priority with this company until recently.”
• “Increase in threats from third-party networks
and IoT devices.”
• “Doesn't feel like training and education is
keeping pace for defenders with what attackers
are capable of doing.”
• “Hackers are using more complex and
comprehensive tools and internal users seemingly
are less aware of what they do to reduce
protection.”
• “More things keep getting added to the network,
with more vulnerabilities.”
• “Acquisitions have made it more challenging.
Supporting both AWS and Azure are also testing
our support limits as development rushes into this
space headlong.”
• “My responsibilities moved from a traditional
hardware stack to AWS. Networking in AWS is a
whole new ballgame to learn.”
• “More deep hackings into previously thought solid
safe spaces.”
• “Ransomware variants are growing and threats are
evolving.”
Network security faces a broad array of challenges
The weakest point in network security may well rest between the keyboard and chair. Some 44% of respondents
named insider threats as the single biggest threat in network security. In our assessment “insider threats” are
not necessarily malicious and likely include accidental incidents set off by well-intended users inside the
network.
The top 10 challenges included:
1) Insider threats – 44%
2) IT infrastructure complexity – 42%
3) Absence of leader support – 40%
4) Lack of tool interoperability – 37%
5) Shadow IT – 31%
6) Weak controls for provided access – 29%
7) Cloud visibility – 28%
8) BYOD – 26%
9) Too many alerts – 22%
10) Too many tools – 18%
Those that selected “other” challenges to this question wrote in to say understaffing, limited budgets and time
constraints were key challenges in their organization. It’s important to note that no single challenge drew a
majority of responses. This underscores the diversity of problems facing network security, which vary by
industry, IT environment and perhaps organizational culture. It reinforces the notion that there isn’t a single
solution that will solve every security problem.
73% have between 1 and 10 tools for
network security
22% use between 11 and 20 tools for
network security
Most organizations use 1-10 tools for network security
The majority of respondents (73%) said their organization uses between 1 and 10 tools for network security.
About one-fifth (22%) said they use between 11 and 20 tools.
While this particular question is exclusively focused on network security, the responses seem to nest well with
other surveys we’ve observed. For example, a 2017 survey found roughly 70% of enterprises use between 10 and 50
tools across all sectors of cybersecurity, including the network.
Respondents noted tools alone aren’t the answer. Security technologies must be well planned, properly
implemented, and adequately resourced with thoroughly trained security professionals. We will see this more
clearly in the next question.
Security tools do not play well with each other
This question brings granularity to the lack of interoperability among security tools. About one-third of
respondents (32%) said tools in their organization simply do not share data. Another 28% said these tools were
just somewhat integrated.
When asked why in an open-ended question, respondents said the following:
• “Tools are purchased without ever sending employees to training or bringing hands-on experience from
the vendor to assist in integration. We just buy things and cross our fingers that it was a good
investment. New leadership, new year, it is getting better.”
• “Different vendor tools that don't communicate to one another.”
• “Lack of standards for interoperability.”
• “Varies by the 'brilliance' of the product.”
• “They don't talk to each other. They do talk to the SIEM but that is not enough.”
• “I inherited a hodge-podge of non-implemented or half-implemented projects.”
• “Different solutions have a greater probability of catching issues that the other may not.”
We believe the problem has reached a critical mass and as a result, security integration will be added to the list
of requirements in the security acquisition process. Enterprises will start demanding that new cybersecurity
tools adhere to open standards, open APIs and readily allow the security operations center (SOC) to share data
as they deem fit.
26% say their organization receives 1,000 or more
security alerts per day.
84% say their organization requires 5 or more minutes to
triage a security alert.
82% say their organization spends too much
time triaging alerts at least some of the time.
Security cannot investigate every alert
Most organizations get a deluge of alerts. A little more than one-third (35%) of respondents say their
organization gets 100 or fewer alerts per day. About one-quarter (26%) of respondents put that number at more
than 1,000 with 10% of those seeing more than 10,000 alerts. All remaining respondents fell somewhere
between 100 and 1,000 daily alerts.
These alerts require time to investigate. The vast majority (84%) say it takes five or more minutes to effectively
triage an alert. This means an organization with 1,000 alerts – which is a modest example in this survey – would
have to triage 12 alerts per hour, for nearly 3.5 days without pausing, to get through all of them.
The problem is compounded by the fact that more alerts pour in all the time and some simply require more time to
vet properly. For example, 58% of respondents said alerts take double that time – 11 or more minutes to triage.
The vast majority (82%) say their organization spends too much time investigating alerts at least some of the time.
Much of this is caused by a poor signal-to-noise ratio: many alerts are false positives, which overwhelm the
resources security teams have at hand.
“A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand,
some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.”
Some respondents candidly admitted they simply don’t investigate every alert, which risks a sophisticated
threat slipping by in plain sight. It’s clear a better means of prioritizing and triaging alerts is needed.
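The triage arithmetic above (1,000 alerts at five minutes each is 12 alerts an hour and roughly 3.5 days of uninterrupted work) generalizes into a small capacity model. The following Python is an added example, not part of the survey report or any Bricata product; the team sizes and working hours it uses are constructed assumptions. It extends the page's single case to any intake rate, per-alert cost and team size, covers the 11-minute case the text mentions, and shows how a backlog accumulates when a team's daily capacity falls short of intake.

```python
"""Alert-triage capacity model (added example; figures other than the
survey's 1,000 alerts/day and 5- or 11-minute triage times are constructed)."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class TriageLoad:
    """Daily alert intake and the cost of triaging one alert."""
    alerts_per_day: int
    minutes_per_alert: float

    def alerts_per_hour(self) -> float:
        # One analyst working flat out: 60 / 5 = 12 alerts per hour
        return 60.0 / self.minutes_per_alert

    def hours_to_clear(self) -> float:
        # Analyst-hours needed to triage one day's intake
        return self.alerts_per_day * self.minutes_per_alert / 60.0

    def days_to_clear_nonstop(self) -> float:
        # The report's "nearly 3.5 days without pausing" figure
        return self.hours_to_clear() / 24.0


@dataclass(frozen=True)
class TriageTeam:
    """Constructed team: analysts and hours each spends on triage per day."""
    analysts: int
    hours_per_analyst_per_day: float

    def capacity_hours(self) -> float:
        return self.analysts * self.hours_per_analyst_per_day

    def capacity_alerts(self, load: TriageLoad) -> float:
        # Alerts the whole team can triage in one day at this per-alert cost
        return self.capacity_hours() * 60.0 / load.minutes_per_alert


def daily_deficit_hours(load: TriageLoad, team: TriageTeam) -> float:
    """Analyst-hours of work left over each day; positive means the backlog grows."""
    return load.hours_to_clear() - team.capacity_hours()


def analysts_needed(load: TriageLoad, hours_per_analyst_per_day: float) -> int:
    """Smallest team that keeps up with intake, with no allowance for surges."""
    return math.ceil(load.hours_to_clear() / hours_per_analyst_per_day)


def backlog_after(load: TriageLoad, team: TriageTeam, days: int) -> list:
    """Untriaged alerts at the end of each day, assuming leftovers roll over
    and the team always works at full capacity (no prioritization modelled)."""
    backlog = 0.0
    history = []
    drain = team.capacity_alerts(load)
    for _ in range(days):
        backlog = max(0.0, backlog + load.alerts_per_day - drain)
        history.append(backlog)
    return history


if __name__ == "__main__":
    survey_case = TriageLoad(alerts_per_day=1000, minutes_per_alert=5.0)
    slow_case = TriageLoad(alerts_per_day=1000, minutes_per_alert=11.0)
    small_team = TriageTeam(analysts=3, hours_per_analyst_per_day=8.0)  # constructed

    print(f"{survey_case.alerts_per_hour():.0f} alerts/hour per analyst")
    print(f"{survey_case.days_to_clear_nonstop():.2f} days nonstop for one day's intake")
    print(f"{slow_case.days_to_clear_nonstop():.2f} days nonstop at 11 minutes/alert")
    print(f"deficit for a 3-analyst team: {daily_deficit_hours(survey_case, small_team):.1f} h/day")
    print(f"analysts needed at 8 h/day: {analysts_needed(survey_case, 8.0)}")
    print(f"backlog over 3 days: {backlog_after(survey_case, small_team, 3)}")
```

The backlog simulation is deliberately naive: it treats every alert as equal, which is exactly the situation the respondents describe. Modelling a prioritization scheme (triaging critical alerts first and letting low-severity noise age out) is the next step a SOC would take, and the numbers above show why.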
61% think threat hunting will be more
important over the next year.
Threat hunting poised for growth
Threat hunting grew out of the notion that sophisticated threat actors understand how traditional detection
technologies work – and evade detection. Even newer tools that tap artificial intelligence and machine learning
aren’t perfect, because these technologies focus on finding variations of known threats. If the threat is new or
the technique is novel, there isn’t a variation to be detected.
As a result, threat hunting is becoming one of the hottest trends in cybersecurity today. While just about one-
third (32%) say they are doing threat hunting today, that share roughly doubles when asked about the future: a
majority (61%) of respondents believe that threat hunting will be either more important or much more important
in the next year or so. The findings are generally in line with another study focused on threat hunting conducted
earlier this year.
[Slide 18: bar chart of ratings for the focus areas discussed below; the percentage labels were extracted without their categories: 83%, 89%, 78%, 77%, 72%, 71%, 48%, 21%]
Areas where security should focus
Where should security organizations focus their future efforts? On a weighted average based on a five-point scale
(which takes into account those who think the concept is less or much less important), the answers stack up like
this:
1) Security analytics (4.20)
2) Security integration (4.12)
3) Behavioral analysis (4.07)
4) Collaboration (4.00)
5) Machine learning / AI (3.97)
6) Threat hunting (3.88)
7) Signature detection (3.33)
Some observations include:
• Security integration is liable to become a must-have requirement in procurement;
• Behavioral analysis is rising because it’s harder to hide abnormal behavior on the network;
• It’s interesting to see that collaboration tops machine learning and AI – human collaboration still
matters; and
• Signature detection will find 80% of the known malware, but a layered security posture with interwoven
advanced capabilities is necessary for identifying sophisticated threats.
34% say the relationship cybersecurity has
with DevOps is strong
27% say the relationship cybersecurity has
with DevOps is NOT strong
51% say the relationship cybersecurity has
with the business is strong
22% say the relationship cybersecurity has
with the business is NOT strong
Stronger relationship with the business than DevOps
Security seems to have a stronger relationship with the business than with DevOps. Some 34% of respondents
said the relationship between cybersecurity and DevOps is strong, while 27% said it isn’t. By contrast, 51% of
respondents said the relationship between cybersecurity and the business is strong, while 22% said it isn’t.
On some level this makes sense: cybersecurity serves the business while it often finds itself at odds with the
change management processes DevOps champions. This is because a newly revealed exploit will exist in a
production environment and the risks associated with changing the production environment are precisely why
the process is intentionally slow and methodical.
Still, it’s surprising, because conventional wisdom says both sides have similar goals and speak the same
language. If anything, the pace and innovation of threats in the modern cybersecurity landscape have thrust this
relationship into focus.
Security professionals in their own words
This survey asked one final open-ended question – What is one thing you wish the business would understand
about cybersecurity? – and it received 46 responses. A representative sample follows:
• “What you get in results, will rarely be outdone by what you give; but what you get, can and almost
always does, outweigh what you give.”
• “Security culture is extremely important since people are the weakest link in the security chain.”
• “It is a continuous process that must encompass every operating, development and planning activity
within an institution.”
• “That DevOps needs to communicate more clearly and ask security for help, DevOps should not be
making security decisions.”
• “It’s easier with a lower TCO if done correctly up front than it is to try to fix problems after something
has been deployed.”
• “How much damage one human being can accidentally do through negligence.”
• “Cybersecurity is a strategic investment.”
• “It is everyone's business and responsibility.”
• “It takes money to protect the enterprise, and the IT department requires an adequate budget to
implement.”
• “[Security] is complex and does not scale easily; it requires budget and FTEs.”
• “An understanding of the resources required in order to achieve a rapid response could be improved.”
A word cloud of all responses follows on the next page.
Survey demographics and methodology
52% of respondents have 10 or more
years of experience
Included retail, consulting, HR and tourism
Survey methodology
This survey was conducted online from November 1, 2018, until November 30, 2018. Survey respondents were
solicited by email distributed through two third-party organizations with well-established cybersecurity
subscribers.
Sixty-eight mostly senior respondents with more than 10 years of experience completed the survey.
Respondents hailed from a wide distribution of industries. Respondents were most widely represented by
technology (29%) and financial (22%) vertical markets, though many also stem from government, education,
healthcare and non-profit.
Respondents were incentivized with a chance to win one of three $50 gift cards.
Recommended resources
• Here’s What Network Threat Hunting Means, Why It Matters, and How to Get Started [blog]
• 7 Simple but Effective Threat Hunting Tips from a Veteran Threat Hunter [blog]
• Layers of Cybersecurity: Signature Detection vs. Network Behavioral Analysis [blog]
• 7 Security Trends Shaping Intrusion Detection Technology [blog]
• Snort, Suricata and Bro: 3 Open Source Technologies for Securing Modern Networks [blog]
• Introduction to Network Threat Hunting [webinar]
• Threat Hunting: Finding Hidden & Undetected Network Threats [webinar]
Connect with Bricata on Twitter, LinkedIn or Facebook.
About Bricata, Inc.
Bricata is the leader in comprehensive network protection. The Bricata flagship solution
provides unparalleled network visibility, full-spectrum threat detection, true threat
hunting, and threat resolution capabilities in an intuitive, tightly-integrated and self-
managing system. Its automated detection, productive GUIs, and expert system workflows
make it easy-to-use for novices; while granular control of its engines, access to rich
network metadata and PCAPs, and true threat hunting capabilities give experts the power
and control they demand. Bricata has been proven to speed incident resolution by eight
times by reliably detecting threats and providing the context necessary to get to the truth
quickly and act. For more information visit www.bricata.com.

More Related Content

PDF
2013 Incident Response Survey
PPT
State of endpoint risk v3
PDF
Impacts cloud remote_workforce
PDF
VIPRE --Responding to Cyberattacks
PPTX
State of endpoint risk v3
PDF
EndpointSecurityConcerns2014
PPTX
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
PDF
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
2013 Incident Response Survey
State of endpoint risk v3
Impacts cloud remote_workforce
VIPRE --Responding to Cyberattacks
State of endpoint risk v3
EndpointSecurityConcerns2014
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...

What's hot (15)

PDF
google-experts-VS-regular-users
PDF
2010 GISS EY
PDF
edgescan vulnerability stats report (2019)
PDF
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
PDF
McAfee Labs 2017 Threats Predictions
PDF
csxnewsletter
PDF
Priming your digital immune system: Cybersecurity in the cognitive era
PDF
How can i find my security blind spots ulf mattsson - aug 2016
PPTX
Cyber Risk Management in 2017 - Challenges & Recommendations
PDF
What's behind a cyber attack
PPTX
Idge dell reignite2014 qp #2
PDF
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
PDF
Delve Labs - Upcoming Security Challenges for the Internet of Things
PDF
The Security Challenge: What's Next?
google-experts-VS-regular-users
2010 GISS EY
edgescan vulnerability stats report (2019)
Hexis Cyber Solutions: Rules of Engagement for Cyber Security Automation
McAfee Labs 2017 Threats Predictions
csxnewsletter
Priming your digital immune system: Cybersecurity in the cognitive era
How can i find my security blind spots ulf mattsson - aug 2016
Cyber Risk Management in 2017 - Challenges & Recommendations
What's behind a cyber attack
Idge dell reignite2014 qp #2
Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy
Delve Labs - Upcoming Security Challenges for the Internet of Things
The Security Challenge: What's Next?
Ad

Similar to The top challenges to expect in network security in 2019 survey report (20)

PDF
Cybersecurity: Perceptions & Practices
PDF
Cybersecurity Quarterly Benchmarks Q1 2022
PDF
Research insights - state of network security
PPT
State of endpoint risk v3
PPT
State of endpoint risk v3
PDF
NEW_Security Priorities 2021_Sample Slides.pdf
PDF
The State of IT Security for 2019
PDF
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
PDF
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
PPTX
CompTIA International Trends in Cybersecurity
PDF
Guide to high volume data sources for SIEM
PPTX
SVB Cybersecurity Impact on Innovation Report
PDF
2016 Scalar Security Study Executive Summary
PDF
Executive Summary of the 2016 Scalar Security Study
PDF
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
PDF
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
PDF
Cyber security white paper final PMD 12_28_16
PDF
Password in 2022
PDF
Insecure magazine - 51
PDF
INSECURE Magazine - 42
Cybersecurity: Perceptions & Practices
Cybersecurity Quarterly Benchmarks Q1 2022
Research insights - state of network security
State of endpoint risk v3
State of endpoint risk v3
NEW_Security Priorities 2021_Sample Slides.pdf
The State of IT Security for 2019
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
CompTIA International Trends in Cybersecurity
Guide to high volume data sources for SIEM
SVB Cybersecurity Impact on Innovation Report
2016 Scalar Security Study Executive Summary
Executive Summary of the 2016 Scalar Security Study
Cybersercurity Resource Allocation & Efficacy Index: 2020 - 2021 Trends
Ponemon report : 'Critical Infrastructure: Security Preparedness and Maturity -
Cyber security white paper final PMD 12_28_16
Password in 2022
Insecure magazine - 51
INSECURE Magazine - 42
Ad

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
PPTX
Big Data Technologies - Introduction.pptx
PDF
Network Security Unit 5.pdf for BCA BBA.
PDF
Electronic commerce courselecture one. Pdf
PPTX
Understanding_Digital_Forensics_Presentation.pptx
PPT
Teaching material agriculture food technology
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Modernizing your data center with Dell and AMD
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
Advanced IT Governance
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
DOCX
The AUB Centre for AI in Media Proposal.docx
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
PDF
Chapter 3 Spatial Domain Image Processing.pdf
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
PDF
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...
Spectral efficient network and resource selection model in 5G networks
Big Data Technologies - Introduction.pptx
Network Security Unit 5.pdf for BCA BBA.
Electronic commerce courselecture one. Pdf
Understanding_Digital_Forensics_Presentation.pptx
Teaching material agriculture food technology
Dropbox Q2 2025 Financial Results & Investor Presentation
Mobile App Security Testing_ A Comprehensive Guide.pdf
The Rise and Fall of 3GPP – Time for a Sabbatical?
Modernizing your data center with Dell and AMD
“AI and Expert System Decision Support & Business Intelligence Systems”
Advanced IT Governance
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
The AUB Centre for AI in Media Proposal.docx
CIFDAQ's Market Insight: SEC Turns Pro Crypto
Chapter 3 Spatial Domain Image Processing.pdf
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
Advanced methodologies resolving dimensionality complications for autism neur...
GDG Cloud Iasi [PUBLIC] Florian Blaga - Unveiling the Evolution of Cybersecur...

The top challenges to expect in network security in 2019 survey report

  • 1. The Top Challenges in Network Security for 2019 A survey of security professionals identifies network security opportunities, risks and benchmarks CC BY-SA 4.0 by Bricata
  • 2. Executive Summary • Network security is growing more difficult. 64% of respondents say network security is harder this year as compared to last and for a range of reasons. This includes the sophistication of threats, but also the proliferation of IT infrastructure and the complexity of environments given that changes stemming from cloud, IoT and BYOD, among others. • Insider threats and IT infrastructure complexity are the top challenges. While insider threats (44%) and IT infrastructure (42%) topped the list of network security challenges no single topic drew a simple majority. Lack of leadership support, security technology interoperability, shadow IT, BYOD and the deluge of security alerts were among the top 10. • Too many tools that don’t to talk to each other. Most organizations used between 1-10 tools for the purpose of network security. About one-third of respondents said these tools were not integrated, while another 28% said these tools were just somewhat integrated. No respondents indicated tools in their environment were completely integrated. • Networks security faces a deluge of alerts and can’t investigate them all. About a quarter (26%) of respondents say their organization receives 1,000 or more security alerts per day. More importantly, the vast majority (84%) say these require 5 or more minutes each to triage. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are- -critical, but we are missing vital information, which we then spend ages trying to locate.” Some admit they just can’t review all alerts. • Threat hunting poised for growth. While just about one-third (32%) say they are doing threat hunting today – a majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next 12 months. • Key network security areas to focus on in the next year. 
Security analytics, security integration and behavioral analysis were the top three areas of security respondents said organizations should focus on over the next year. Interestingly, collaboration out ranked machine learning and AI as a recommended area of focus. • Security has a stronger relationship with the business than it does with DevOps. Some 34% of respondents said the relationship between security and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between security and the business is strong, while 22% said it isn’t. 2 | CC BY-SA 4.0 by Bricata
  • 3. | 3 64% say securing the network is harder or much harder this year than last. 3 | CC BY-SA 4.0 by Bricata
  • 4. Network security is growing more difficult Most respondents (64%) say network security is harder this year as compared to last, while about one-third (32%) say it’s neither harder or easier. When asked why in an open-ended question, respondents wrote in attributing challenges to several causes: • “Increasing array of threats and threat vectors, as more and more computer systems proliferate throughout offices.” • “Playing catch up because security wasn't a priority with this company until recently.” • “Increase in threats from third-party networks and IoT devices.” • “Doesn't feel like training and education is keeping pace for defenders with what attackers are capable of doing.” • “Hackers are using more complex and comprehensive tools and internal users seemingly are less aware of what they do to reduce protection.” • “More things keep getting added to the network, with more vulnerabilities.” • “Acquisitions have made it more challenging. Supporting both AWS and Azure are also testing our support limits as development rushes into this space headlong.” • “My responsibilities moved from a traditional hardware stack to AWS. Networking in AWS is a whole new ballgame to learn.” • “More deep hackings into previously thought solid safe spaces.” • “Ransomware variants are growing and threats are evolving.” 4 | CC BY-SA 4.0 by Bricata
  • 5. | 5 5 | CC BY-SA 4.0 by Bricata
  • 6. Network security faces a broad array of challenges The weakest point in network security may well rest between the keyboard and chair. Some 44% of respondents named insider threats as the single biggest threat in network security. In our assessment “insider threats” are not necessarily malicious and likely include accidental incidents set off by well-intended users inside the network. The top 10 challenges included: Those that selected “other” challenges to this question, wrote in to say understaffing, limited budgets and time constraints were key challenges in their organization. It’s important to note that no single challenge drew a majority of responses. This underscores the diversity of problems facing network security which vary by industry, IT environment and perhaps organizational culture. This reinforces the notion that there isn’t a single solution that will solve every security problem. 1) Insider threats – 44% 2) IT infrastructure complexity – 42% 3) Absence of leader support – 40% 4) Lack of tool interoperability – 37% 5) Shadow IT – 31% 6) Weak controls for provided access – 29% 7) Cloud visibility – 28% 8) BYOD – 26% 9) Too many alerts – 22% 10) Too many tools – 18% 6 | CC BY-SA 4.0 by Bricata
  • 7. | 7 73% of have between 1 and 10 tools for network security 22% use between 11 and 20 tools for network security 7 | CC BY-SA 4.0 by Bricata
  • 8. Most organizations use 1-10 tools for network security The majority of respondents (73%) said their organization uses between 1 and 10 tools for network security. About one-fifth (22%) said they use between 11-20 tools. While this particular question is exclusively focused on network security, the responses seem to nest well with other surveys we’ve observed. For example, a 2017 survey found roughly 70% of enterprises use between 10-50 tools across all sectors of cybersecurity including the network. Respondents noted tools alone aren’t the answer. Security technologies must be well planned, implemented properly, adequately resourced with thoroughly-trained security professionals. We will see this more clearly in the next question. 8 | CC BY-SA 4.0 by Bricata
  • 9. | 9 9 | CC BY-SA 4.0 by Bricata
  • 10. Security tools do not play well with each other This question brings granularity to the lack of interoperability among security tools. About one-third of respondents (32%) said tools in their organization simply do not share data. Another 28% said these tools were just somewhat integrated. When asked why in an open-ended question, respondents said the following: • “Tools are purchased without ever sending employees to training or bringing hands-on experience from the vendor to assist in integration. We just buy things and cross our fingers that it was a good investment. New leadership, new year, it is getting better.” • “Different vendor tools that don't communicate to one another.” • “Lack of standards for interoperability.” • “Varies by the 'brilliance' of the product.” • “They don't talk to each other. They do talk to the SIEM but that is not enough.” • “I inherited a hodge-podge of non-implemented or half-implemented projects.” • Different solutions have a greater probability of catching issues that the other may not.” We believe the problem has reached a critical mass and as a result, security integration will be added to the list of requirements in the security acquisition process. Enterprises will start demanding that new cybersecurity tools adhere to open standards, open APIs and readily allow the security operations center (SOC) to share data as they deem fit. 10 | CC BY-SA 4.0 by Bricata
  • 11. | 11 26% say their organization receives 1,000 or more security alerts per day. 11 | CC BY-SA 4.0 by Bricata
  • 12. | 12 84% say their organization requires 5 or more minutes to triage a security alert. 12 | CC BY-SA 4.0 by Bricata
  • 13. | 13 82% say their organization spend too much time triaging alerts at least some of the time. 13 | CC BY-SA 4.0 by Bricata
  • 14. Security cannot investigate every alert Most organizations get a deluge of alerts. A little more than one-third (35%) of respondents say their organization gets 100 or fewer alerts per day. About one-quarter (26%) of respondents put that number at more than 1,000 with 10% of those seeing more than 10,000 alerts. All remaining respondents fell somewhere between 100 and 1,000 daily alerts. These alerts require time to investigate. The vast majority (84%) say it takes five or more minutes to effectively triage an alert. This means an organization with 1,000 alerts – which is a modest example in this survey – would have to triage 12 alerts per hour, for nearly 3.5 days without pausing to get through all of these. The problem is compounded by the fact more alerts pour in all the time and some just require more time to vet properly. For example, 58% of respondents said alerts take double that time – 11 or more minutes to triage. The vast majority (82%) say their organization spends too much time investigating alerts at least some of the time. Much of this is caused by a high signal-to-noise ratio. Many alerts are false positives which overwhelms the resources security teams have at hand. “A decent number of false-positives waste quite a bit of time,” wrote one respondent. “On the other hand, some alerts are critical, but we are missing vital information, which we then spend ages trying to locate.” Some respondents candidly admitted they simply don’t investigate every alert, which risks a sophisticated threat slipping by in plain sight. It’s clear a better means of prioritizing and triaging alerts is needed. 14 | CC BY-SA 4.0 by Bricata
61% think threat hunting will be more important over the next year.
Threat hunting poised for growth

Threat hunting grew out of the notion that sophisticated threat actors understand how traditional detection technologies work – and evade detection. Even newer tools that tap artificial intelligence and machine learning aren’t perfect, because these technologies focus on finding variations of known threats. If the threat is new or the technique is novel, there is no variation to be detected.

As a result, threat hunting is becoming one of the hottest trends in cybersecurity today. While just about one-third (32%) say they are doing threat hunting today, that doubles when asked about the future: a majority (61%) of respondents believe that threat hunting will be either more important or much more important in the next year or so. The findings are generally in line with another study focused on threat hunting conducted earlier this year.
Areas where security should focus

Where should security organizations focus their future efforts? On a weighted average based on a five-point scale (which takes into account those who think the concept is less or much less important), the answers stack up like this:

1) Security analytics (4.20)
2) Security integration (4.12)
3) Behavioral analysis (4.07)
4) Collaboration (4.00)
5) Machine learning / AI (3.97)
6) Threat hunting (3.88)
7) Signature detection (3.33)

Some observations include:
• Security integration is liable to become a must-have requirement in procurement;
• Behavioral analysis is rising because it’s harder to hide abnormal behavior on the network;
• It’s interesting to see that collaboration tops machine learning and AI – human collaboration still matters; and
• Signature detection will find 80% of the known malware, but a layered security posture with interwoven advanced capabilities is necessary for identifying sophisticated threats.
34% say the relationship cybersecurity has with DevOps is strong; 27% say the relationship cybersecurity has with DevOps is NOT strong.

51% say the relationship cybersecurity has with the business is strong; 22% say the relationship cybersecurity has with the business is NOT strong.
Stronger relationship with the business than DevOps

Security seems to have a stronger relationship with the business than with DevOps. Some 34% of respondents said the relationship between cybersecurity and DevOps is strong, while 27% said it isn’t. By contrast, 51% of respondents said the relationship between cybersecurity and the business is strong, while 22% said it isn’t.

On some level this makes sense: cybersecurity serves the business, while it often finds itself at odds with the change management processes DevOps champions. A newly revealed exploit will exist in a production environment, and the risks associated with changing the production environment are precisely why the change process is intentionally slow and methodical. Still, it’s surprising, because conventional wisdom says both sides have similar goals and speak the same language. Perhaps the pace and innovation of threats in the modern cybersecurity landscape have thrust this relationship into focus.
Security professionals in their own words

This survey asked one final open-ended question – What is one thing you wish the business would understand about cybersecurity? – and it received 46 responses. A representative sample follows:

• “What you get in results, will rarely be outdone by what you give; but what you get, can and almost always does, outweigh what you give.”
• “Security culture is extremely important since people are the weakest link in the security chain.”
• “It is a continuous process that must encompass every operating, development and planning activity within an institution.”
• “That DevOps needs to communicate more clearly and ask security for help, DevOps should not be making security decisions.”
• “It’s easier with a lower TCO if done correctly up front than it is to try to fix problems after something has been deployed.”
• “How much damage one human being can accidentally do through negligence.”
• “Cybersecurity is a strategic investment.”
• “It is everyone's business and responsibility.”
• “It takes money to protect the enterprise, and the IT department requires an adequate budget to implement.”
• “[Security] is complex and does not scale easily; it requires budget and FTEs.”
• “An understanding of the resources required in order to achieve a rapid response could be improved.”

A word cloud of all responses follows on the next page.
Survey demographics and methodology

52% of respondents have 10 or more years of experience.

Industries represented also included retail, consulting, HR and tourism.
Survey methodology

This survey was conducted online from November 1, 2018, until November 30, 2018. Survey respondents were solicited by email distributed through two third-party organizations with well-established cybersecurity subscribers. Sixty-eight mostly senior respondents with more than 10 years of experience completed the survey. Respondents hailed from a wide distribution of industries. Respondents were most widely represented by the technology (29%) and financial (22%) vertical markets, though many also stem from government, education, healthcare and non-profit. Respondents were incentivized with a chance to win one of three $50 gift cards.
Recommended resources

• Here’s What Network Threat Hunting Means, Why It Matters, and How to Get Started [blog]
• 7 Simple but Effective Threat Hunting Tips from a Veteran Threat Hunter [blog]
• Layers of Cybersecurity: Signature Detection vs. Network Behavioral Analysis [blog]
• 7 Security Trends Shaping Intrusion Detection Technology [blog]
• Snort, Suricata and Bro: 3 Open Source Technologies for Securing Modern Networks [blog]
• Introduction to Network Threat Hunting [webinar]
• Threat Hunting: Finding Hidden & Undetected Network Threats [webinar]

Connect with Bricata on Twitter, LinkedIn or Facebook.
About Bricata, Inc.

Bricata is the leader in comprehensive network protection. The Bricata flagship solution provides unparalleled network visibility, full-spectrum threat detection, true threat hunting, and threat resolution capabilities in an intuitive, tightly integrated and self-managing system. Its automated detection, productive GUIs, and expert system workflows make it easy to use for novices, while granular control of its engines, access to rich network metadata and PCAPs, and true threat hunting capabilities give experts the power and control they demand. Bricata has been proven to speed incident resolution by eight times by reliably detecting threats and providing the context necessary to get to the truth quickly and act. For more information visit www.bricata.com.