Many organisations are planning to increase their investment in proactive security controls and threat intelligence measures
Organisations are investing inproactive controls and threat intelligence to stay ahead of emerging threats. Security services, wireless security, next-generation firewalls and advanced malware detection capability will see the most investment growth from a technology perspective, according to analysis of B2B survey data from Forrester’s Forrsights Security Survey, Q2 2013.
The survey looked at budgeting and spending, security group responsibilities, network security technology and services adoption in North American and European organisations for 2013 to 2014 and revealed that 46% of organisations expect to increase their spending on network security in that period.
Network security typically involves significant investment once organisations factor in the cost of equipment plus maintenance and value-added services.
As-a-service investments are focusing on firewalls and threat intelligence. Network firewall monitoring or management and web application firewalls are the top two growth categories of network security technologies that organisations would like to have as a service, with 28% saying they plan to invest in either adoption or expansion in both technologies.
More articles on threat intelligence
Threat intelligence as a service is also a high-growth category, with 26% of organisations saying investment in this service is in their adoption plans. Threat intelligence has emerged as a means by which security professionals can finally proactively prepare for, and respond to, attacks. According to the survey, 63% of security decision-makers say establishing or improving threat intelligence capabilities is a top priority for their organisation.
The top growth categories for 2013/14 network security technology adoption are wireless security, next-generation firewalls and advanced malware detection capabilities. Also, 35% of organisations expect to either adopt measures to address wireless security in the next 12 months or expand or upgrade an existing implementation, while 32% expect to do the same for next-generation firewalls and 29% for advanced malware detection capabilities.
When asked how they would prefer to source network security technologies or services, 57% of organisations said they prefer to source from a single vendor’s portfolio. Security pros are no longer looking for more point solutions to add to their already bloated security infrastructure; they want to simplify integration and management.
Zero trust network
Security analytics and network analysis and visibility (NAV) tools are key components of a zero-trust network. Business executives demand data for decision-making, and security professionals want situational awareness. Security information management (SIM) tools are seen as a solution to fulfil both needs but SIM is not being used to its full potential. Big data and NAV tools for security analytics will provide the extra ingredients to overhaul SIM and move it from merely compliance reporting to providing situational awareness for both the business and IT security.
Almost 30% of organisations plan to invest (by expanding or upgrading a current implementation or by implementing a new system in the next 12 months) in security analytics, and 23% say the same for NAV.
Using a zero-trust model as the basis for a data-centric security approach can help organisations to foster growth and break down organisational silos around the teams responsible for security, infrastructure and operations, enterprise architecture, and so on. Take measures to embed security-mindedness in the entire company, from individual security contributors to the security team to all staff, to ensure the organisation is alert, astute and prepared for any situation.
Security technologies and tools are important, but they are not the only defence. In most organisations, the human aspect of security does not get the attention it deserves. Almost half of firms see the unavailability of security staff with the right skills as a major challenge, citing lack of security operation skills as the biggest problem. It is not easy to hire security staff with the right skills, and the demand for them continues to increase.
Security and skills training
Regardless of the background or seniority of individual security contributors, there is a strong desire for continued personal development and growth. Some 45% of organisations plan to increase their security skills training, and this number is likely to grow.
Based on the survey data, IT security professionals are in a state of transition. Spending appears to be business as usual, but there are rumblings of change on the horizon for network technology adoption. As firms embrace zero trust, investments will support these security architecture and operations initiatives. The data in this Forrester survey offers a view of what North American and European enterprises are doing about network security.
But while it is helpful to see what other companies are doing, it is critical not to become a slave to the data. Consider this benchmark as a guide, using the trends revealed as a starting point for analysing your own budget and technology adoption plans for network security.
Heidi Shey is a security and risk analyst at Forrester Research. This article is an extract from her report, Understand the state of network security: 2013 to 2014
This was first published in April 2014