Global Survey Shows Companies Are Using More Automation in Cybersecurity, But Still Have Work to Do
Even much-hyped technologies like artificial intelligence and machine learning are nascent, with minimal adoption globally
SAN JOSE, Calif., Aug. 28, 2018 (GLOBE NEWSWIRE) -- Skybox® Security, a global leader in cybersecurity management, has released the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate. The survey, which includes responses from 465 senior security leaders at large enterprises in the U.S., EMEA and APAC,* reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learning (ML). Survey questions focused on workflows in firewall and security policy management and vulnerability management.
Key findings included some surprises. For example, according to the results, APAC is ahead of the U.S. and EMEA in terms of automation for processes involved in the management of firewall rules and security policy — the automation of these processes is least common in EMEA. And despite being hyped at shows and in the media, technologies such as artificial intelligence and machine learning are still in early days, with few organizations using AI/ML in production — just four percent of respondents in EMEA, nine percent in the U.S. and 27 percent in APAC.
In general, the report reveals that companies worldwide are continuing to struggle with network security management, especially as those networks are growing more complex and increasing in size. Surprisingly, most are only partially automating workflows and processes to help overcome these challenges — but they do see the value and are looking to automate more in the future.
“Many organizations have significant deficiencies with regard to their firewall and security management,” said Michael Osterman, principal analyst of Osterman Research. “Most realize that they need to improve the way they manage security and policy, and they also realize that automating workflows and processes is key to these improvements.”
Additional insights from the report include the following:
- Cutting costs, making better use of skilled employees and network size/complexity are top drivers for automation — but that varies by region. In EMEA, 61 percent of respondents said cost was the number one driver; 43 percent said it was in the U.S. Surprisingly, only 35 percent in APAC ranked costs as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43 percent), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40 percent). The U.S. and EMEA also cited the challenges of managing network size and complexity as a heavy driver (42 percent and 38 percent respectively).
- Better visibility and context are still needed. Organizations are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist: 37 percent in the U.S., 61 percent in EMEA and 47 percent in APAC said they had only “minimal or some understanding.” Even more surprising, respondents said they have only minimal or some understanding of how security changes impact their business: 49 percent in the U.S., 63 percent in EMEA and 39 percent in APAC. And it appears that identifying vulnerabilities continues to be a challenge, with 53 percent in the U.S., 63 percent in EMEA and 42 percent in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.
- Security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. The top things respondents said they spend a “substantial” amount of time on are: incident response triage/prioritization and compliance management for the U.S.; firewall configurations and out-of-process changes for EMEA; compliance management and security changes for APAC.
- Security teams need help, with most organizations admiting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organizations decommission applications: 72 percent of respondents in the U.S., 67 percent in EMEA and 54 percent in APAC say they do it “poorly or moderately.” Security teams also need help pruning firewall rules so that rulesets do not become bloated, with 67 percent in the U.S., 78 percent in EMEA and 48 percent in APAC saying they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact.
- Automation is an impetus for cloud migration. It’s no surprise that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43 percent of organizations said cloud is impacting the automation of security policy changes. Survey results also show that the vast majority of organizations are working on initiatives focused on security automation to support cloud environments.
“The good news: security leaders have started on their automation journey,” said Skybox Director of Product Marketing, Sean Keef. “However, the results of this survey show us that many companies have a long way to go. It seems security leaders are still trying to understand where they’re going to get the most value out of automation, while also ensuring they’re not putting the organization at risk. There are many areas, however, where it is absolutely essential to implement automation — and, in fact, where the automation reduces risk. For example, collecting/gathering data for attack surface visibility and modeling, network change management and rule life cycle management. Networks are simply becoming too large and complex to manage manually. If you’re not already working with a vendor in these areas, you should start looking for one.”
Click here to download the full report and to register for the September 18 webinar with Michael Osterman, click here. Michael will discuss further details of the survey and answer questions. Skybox will also present a short overview on how the Skybox® Security Suite can automate core security management workflows.
About Skybox Security
Skybox provides the industry’s broadest cybersecurity management platform to address security challenges within large, complex networks. By integrating with 120 networking and security technologies, the Skybox Security Suite gives comprehensive attack surface visibility and the context needed for informed action. Our analytics, automation and intelligence improve the efficiency and performance of security operations in vulnerability and threat management and firewall and security policy management for the world’s largest organizations.
© 2018 Skybox Security, Inc. All rights reserved. Skybox Security and the Skybox Security logo are either registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other countries. All other trademarks are the property of their respective owners. Product specifications subject to change at any time without prior notice.
OneChocolate for Skybox Security
United Kingdom: Daniel Couzens
+44 (0)20 7437 0227 | DanielC@onechocolatecomms.co.uk
Germany: Melanie Grasser
+49 (0)89 3888 920 10 | MelanieG@onechocolatecomms.de
France: Xavier Delhôme
+33 1 41 31 75 09 | email@example.com
*The survey was conducted in June 2018 with respondents knowledgeable about security policy management and related issues in organizations with a minimum of 1,000 employees.
One Liberty Plaza - 165 Broadway
NY 10006 New York
GlobeNewswire is one of the world's largest newswire distribution networks, specializing in the delivery of corporate press releases financial disclosures and multimedia content to the media, investment community, individual investors and the general public.
Følg saker fra GlobeNewswire
Registrer deg med din epostadresse under for å få de nyeste sakene fra GlobeNewswire på epost fortløpende. Du kan melde deg av når som helst.
Siste saker fra GlobeNewswire
Real World Cloud Orchestration Facilitates Easy Migration to All-IP18.4.2019 22:05:00 CEST | Pressemelding
For All-IP service providers in Malta and the Netherlands, Patton Cloud edge orchestration has lowered costs with fast, simple activation and management of enterprise IP-Telephony services SmartNode VoIP… More than Just Talk! BERN, Switzerland, April 18, 2019 (GLOBE NEWSWIRE) -- Patton—a U.S. network-equipment manufacturer and multi-national provider of enabling solutions for virtualized network function virtualization (NFV) SD-WAN, All-IP, and unified communications (UC) services—has saved the day for Dutch and Maltese national IP-communications providers with its Patton Cloud network edge orchestration service. VIDEO: Cloud Powered Services Netherlands ISDN Services are going away in the Netherlands. Yet scores of business subscribers can't simply jump into an All-IP network overnight. Investments in ISDN-based systems, fused with established business-processes, preclude such reckless dismantling of on-premise legacy systems. Business customers need flexibility to manage migration to
Acreage Holdings Announces Signing of Arrangement Agreement18.4.2019 17:02:00 CEST | Pressemelding
FRANKFURT, Germany, April 18, 2019 (GLOBE NEWSWIRE) -- Acreage Holdings, Inc. (“Acreage”) (CSE:ACRG.U) (OTC:ACRGF) (FSE:0VZ) and Canopy Growth Corporation (“Canopy Growth”) (TSX:WEED) (NYSE:CGC) (together, the “Companies”) entered into a definitive arrangement agreement (the "Agreement") that grants Canopy Growth the right to acquire 100 percent of the shares of Acreage (the “Right”), with a requirement to do so at such time as cannabis production and sale becomes federally legal in the United States of America (the "Transaction"), subject to obtaining the requisite prior approval of the shareholders of each of Acreage and Canopy Growth, respectively (the “Shareholder Approval”), as well as the approval of the Supreme Court of British Columbia, Canada (the “Court Approval”). Following the Shareholder Approval and the Court Approval, under the terms of the Agreement, and upon exercise of the Right, the total consideration payable pursuant to the Transaction is valued at approximatel
WillScot to Participate at the Credit Suisse Extreme Services Conference18.4.2019 16:19:00 CEST | Pressemelding
BALTIMORE, April 18, 2019 (GLOBE NEWSWIRE) -- WillScot Corporation (“WillScot”) (NASDAQ: WSC), the specialty rental services market leader providing innovative modular space and portable storage solutions across North America, today announced that Brad Soultz, President and Chief Executive Officer, and Tim Boswell, Chief Financial Officer, will host a day of one-on-one and group meetings with investors at the Credit Suisse Extreme Services Conference to be held at Credit Suisse’s New York City office, on Tuesday, May 7, 2019. About WillScot Corporation Headquartered in Baltimore, Maryland, WillScot is the public holding company for the Williams Scotsman family of companies. WillScot trades on the Nasdaq stock exchange under the ticker symbol "WSC," and is the specialty rental services market leader providing innovative modular space and portable storage solutions across North America. WillScot is the modular space supplier of choice for the construction, education, health care, governm
TrueCommerce Datalliance Releases First Platform Update of 201918.4.2019 16:00:00 CEST | Pressemelding
Supply chain software company expands self-service options, more control for customers’ data CINCINNATI, April 18, 2019 (GLOBE NEWSWIRE) -- TrueCommerce, a global provider of trading partner connectivity, integration and unified commerce solutions, has announced today that TrueCommerce Datalliance, its division focusing on vendor managed inventory (VMI) and collaborative replenishment (CR) software, has released its first of three software updates for 2019. In addition to general reliability and stability fixes, the update provides customers with more control over updating specific fields and who has access to that information, as well as adding store-driven demand. Doug Bethea, Vice President of Consumer Goods Solutions said, “Every update is multifaceted. We implement necessary security changes and adjust code to optimize performance for our customers. We also bring our own ideas as value-adds. Additionally, we are always working with customers to implement advanced features as it is
Constellation Brands Enters Into Agreement with Canopy Growth Corporation to Modify Warrants and Other Rights18.4.2019 15:33:00 CEST | Pressemelding
VICTOR, N.Y., April 18, 2019 (GLOBE NEWSWIRE) -- Constellation Brands, Inc. (NYSE: STZ and STZ.B), a leading beverage alcohol company, today announced that it plans to enter into an agreement with Canopy Growth Corporation (“Canopy”) (TSX: WEED, NYSE: CGC), a leading diversified cannabis company, to modify certain warrants and other rights. These changes are the result of Canopy’s intentions to acquire Acreage Holdings, Inc. (“Acreage”) upon U.S. Federal cannabis legalization. Earlier today, Canopy announced (see Canopy press release “Canopy Growth Announces Option to Acquire Leading U.S. Multi-state Cannabis Operator, Acreage Holdings”) it has entered into an agreement with Acreage, a U.S. multi-state cannabis operator, where Canopy plans to acquire the shares of Acreage upon U.S. Federal cannabis legalization (the “Triggering Event”), subject to certain conditions. This transaction, as well as proposed modifications to certain Constellation warrants, are subject to approval by Canopy
Resverlogix’ BETonMACE Phase 3 Trial Successfully Reaches its Targeted 250 MACE Events18.4.2019 14:00:00 CEST | Pressemelding
World’s First Phase 3 BET Bromodomain Epigenetics Trial Reaches Events Target CALGARY, Alberta, April 18, 2019 (GLOBE NEWSWIRE) -- Resverlogix Corp. (“Resverlogix” or the "Company") (TSX:RVX) today announces that BETonMACE, the Company’s event-based, phase 3 registration trial has successfully reached 250 projected major adverse cardiac events (MACE), strictly defined as cardiovascular death, non-fatal myocardial infarction and stroke, moving the trial towards completion. Successful data from this trial would enable Resverlogix to proceed towards the regulatory approval and commercialization of its lead drug, apabetalone. “Resverlogix staff and stakeholders have worked diligently for the past 18 years to attain this extremely exciting goal,” said Donald McCaffrey, President and CEO of Resverlogix. “The trial’s extensive breakthrough clinical data will soon be available to Resverlogix. Successfully meeting the trial’s endpoints, the substantial data set and otherwise new findings would