1、SILVER PLATINUM GOLD Research Sponsors Photo FPO 2019 Cyberthreat Defense Report North America | Europe Asia Pacific | Latin America Middle East | Africa Table of Contents Introduction Research Highlights Current Security Posture Perceptions and Concerns Current and Future Investments Practices and

2、Strategies The Road Ahead Survey Demographics Research Methodology Research Sponsors About CyberEdge Group 2019 Cyberthreat Defense Report 2 Table of Contents Introduction . 3 Research Highlights . 6 Section 1: Current Security Posture . 7 Past Frequency of Successful Cyberattacks. 7 Future Likeliho

3、od of Successful Cyberattacks . 8 Security Posture by IT Domain . 9 Assessing IT Security Functions . 10 Cyberthreat Hunting Inhibitors . 11 The IT Security Skills Shortage . 12 Section 2: Perceptions and Concerns . 13 Concern for Cyberthreats . 13 Responding to Ransomware . 14 Barriers to Establish

4、ing Effective Defenses . 16 Addressing Cloud Security Needs . 18 Vulnerability Patching Challenges . 19 Section 3: Current and Future Investments . 20 IT Security Budget Allocation . 20 IT Security Budget Change . 22 Network Security Deployment Status . 24 Endpoint Security Deployment Status . 26 Ap

5、plication and Data Security Deployment Status . 28 Security Management and Operations Deployment Status . 30 Identity and Access Management Deployment Status . 32 Machine Learning and Artificial Intelligence Investments . 34 Section 4: Practices and Strategies . 36 SSL / TLS Inspection Practices . 3

6、6 Threat Intelligence Platform Practices . 37 Security Analytics Practices . 38 Security Orchestration, Automation, and Response Practices . 39 Use of Managed Security Services Providers . 40 The Road Ahead .41 Appendix 1: Survey Demographics.44 Appendix 2: Research Methodology .46 Appendix 3: Resea

7、rch Sponsors . 46 Appendix 4: About CyberEdge Group .49 Table of Contents Introduction Research Highlights Current Security Posture Perceptions and Concerns Current and Future Investments Practices and Strategies The Road Ahead Survey Demographics Research Methodology Research Sponsors About CyberEd

8、ge Group 2019 Cyberthreat Defense Report 3 SURVEY DEMOGRAPHICS: Responses received from 1,200 qualified IT security decision makers and practitioners All from organizations with more than 500 employees Representing 17 countries across North America, Europe, Asia Pacific, the Middle East, Latin Ameri

9、ca, and Africa Representing 19 industries Introduction CyberEdges annual Cyberthreat Defense Report (CDR) has garnered considerable media attention and accolades over the last five years. Its unlike any research report in the IT security industry. Rather than supplying statistics on specific cyberat

10、tacks and data breaches (which many of our sponsors do quite well), we provide deep insight into the minds of IT security professionals. Now in its sixth year, the CDR has become a staple among IT security leaders and practitioners by helping them gauge their internal practices and security investme

11、nts against those of their peers now across 17 countries and 19 industries. Simply put, there is no other report of its kind. CyberEdge would like to thank our Silver, Gold, and Platinum research sponsors without whose continued support this report would not be possible. Top Five Insights for 2019 A

12、s always, our latest CDR installment yields dozens of actionable insights. But the following are the top five takeaways from this years report at least in our eyes: 1. Security analytics poised for success. 2019 could well be known as the year that security analytics hit its stride. The greatest inh

13、ibitor to IT securitys success is contending with too much security data. Our research participants identified security analytics as the most-wanted security management and operations technology for 2019. 2. Application development migraines. For the second consecutive year, IT security organization

14、s struggle with application development and testing more than any other security process. And application containers are, once again, the Achilles heel of IT security organizations. 3. Ransomware on the rise. Last years ransomware stats were ugly. This years stats are even uglier. The percentage of

15、organizations victimized by ransomware is up, the percentage of organizations paying ransoms is up, and the percentage that lost data by refusing to pay ransoms is up, as well. 4. Machine learning garners confidence. More than 90% of IT security organizations have invested in machine learning (ML) a

16、nd/or artificial intelligence (AI) technologies to combat advanced threats. More than 80% are already seeing a difference. 5. Web application firewalls rule the roost. For the second consecutive year, the web application firewall (WAF) claims the top spot as the most widely deployed app/data securit

17、y technology. About This Report The CDR is the most geographically comprehensive vendor- agnostic study of IT security decision makers and practitioners. Rather than compiling cyberthreat statistics and assessing the damage caused by data breaches (other researchers do a great job there), the CDR su

18、rveys the perceptions of IT security professionals, gaining insights into how they see the world. Specifically, the CDR examines: v The frequency of successful cyberattacks in the prior year and optimism (or pessimism) for preventing further attacks in the coming year v The perceived impact of cyber

19、threats and the challenges faced in mitigating their risks v The adequacy of organizations security postures and their internal security practices v The organizational factors that present the most significant barriers to establishing effective cyberthreat defenses v The investments in security tech

20、nologies already made and those planned for the coming year v The health of IT security budgets and the portion of the overall IT budget they consume Table of Contents Introduction Research Highlights Current Security Posture Perceptions and Concerns Current and Future Investments Practices and Stra

21、tegies The Road Ahead Survey Demographics Research Methodology Research Sponsors About CyberEdge Group 2019 Cyberthreat Defense Report 4 Introduction By revealing these details, we hope to help IT security decision makers and practitioners gain a better understanding of how their perceptions, concer

22、ns, priorities, and defenses stack up against those of their peers in other countries and industries. Applied constructively, the data, analyses, and findings can be used by diligent IT security teams to shape answers to many important questions, such as: v Where do we have gaps in our cyberthreat d

23、efenses relative to other organizations? v Have we fallen behind in our defensive strategy to the point that our organization is now the “low-hanging fruit” (i.e., likely to be targeted more often due to its relative weaknesses)? v Are we on track with both our approach and progress in continuing to

24、 address traditional areas of concern, while also tackling the challenges of emerging threats? v How does our level of spending on IT security compare to that of other organizations? v How are other IT security practitioners thinking differently about cyberthreats and their defenses, and should we a

25、djust our perspective and plans to account for these differences? Another important objective of the CDR is to provide developers of IT security technologies and services with information they can use to better align their solutions with the concerns and requirements of potential customers. The net

26、result should be better market traction and success for solution providers at least those that are paying attention along with better cyberthreat protection technologies for all the intrepid defenders out there. The findings of the CDR are divided into four sections: Section 1: Current Security Post

27、ure The security foundation an organization currently has in place and the perception of how well it is working invariably shape future decisions about cyberthreat defenses, such as: v Whether, to what extent, and how urgently changes are needed v Specific types of countermeasures that should be add

28、ed to supplement existing defenses Our journey into the depths of cyberthreat defenses begins, therefore, with an assessment of respondents perceived effectiveness of their organizations investments and strategies relative to the prevailing threat landscape. Section 2: Perceptions and Concerns In th

29、is section, our exploration of cyberthreat defenses shifts from establishing baseline security postures to determining the types of cyberthreats and other obstacles to security that concern todays organizations the most. Like the perceived weaknesses identified in the previous section, these concern

30、s serve as an important indicator of where and how organizations can best improve their cyberthreat defenses going forward. Section 3: Current and Future Investments Organizations can ill afford to stand still when it comes to maintaining effective cyberthreat defenses. IT security teams must keep p

31、ace with the changes occurring around them whether to the business, technology, or threat landscapes by making changes of their own. With respondents perceptions of the threat landscape and the effectiveness of their organizations defenses as a backdrop, this section sheds light not only on the secu

32、rity technologies organizations currently have in place, but also on the investments they plan to make over the coming year. Table of Contents Introduction Research Highlights Current Security Posture Perceptions and Concerns Current and Future Investments Practices and Strategies The Road Ahead Sur

33、vey Demographics Research Methodology Research Sponsors About CyberEdge Group 2019 Cyberthreat Defense Report 5 Introduction Section 4: Practices and Strategies Mitigating todays cyberthreat risks takes more than investing in the right technologies. You must ensure those technologies are deployed op

34、timally, configured correctly, and monitored adequately to give your organization a fighting chance of not making tomorrows front page news. In this section, we assess best practices IT security professionals embrace for combatting todays threats. We also gauge adoption of leading-edge technologies

35、and ascertain how theyre used. Navigating This Report We encourage you to read this report from cover to cover, as its chock full of useful information. But there are three ways to navigate through this report, if you are seeking out specific topics of interest: v Table of Contents. Each item in the

36、 Table of Contents pertains to specific survey questions. Click on any item to jump to its corresponding page. v Research Highlights. The Research Highlights page showcases the most significant headlines of the report. Page numbers are referenced with each highlight so you can quickly learn more. v Navigation tabs. The tabs at the top of