Organizations use a lot of different products as part of IT security operations, but they have much more confidence in some of those security tool than others, according to eSecurity Planet‘s newly released 2019 State of IT Security survey.
Simulation technology doesn’t impress
Topping the list of security solutions that organizations lack confidence in are simulation technologies like phishing simulation and breach and attack simulation (BAS). Across organizations of all sizes, 24 percent of respondents indicated that they were not confident in phishing simulations, while 20 percent noted they were not confident in BAS solutions.
Ironically, even though organizations lack confidence in phishing simulations, 31 percent indicated that it was an area where there is a need for employee education and training. As end users are frequently the cause of security mishaps and simulation tools can do only so much to break those habits, the frustration is understandable.
Patch management not a cure-all
One of the most commonly cited root causes of data breaches in recent years has been unpatched vulnerabilities. It was an unpatched software component that led to the massive Equifax data breach, for example.
Patch management technology, designed to help organizations identify, deploy and manage patches across their application infrastructure, is a widely adopted technology. Nearly half (48 percent) of respondents indicated that their organizations use it, but that’s not the whole story.
Respondents to the eSecurity Planet survey had somewhat mixed views on the state of patch management within their organization. Across organizations of all sizes, 19 percent ranked patch management as a technology they are confident in, with 11.6 percent saying they lack confidence in patch management. Additionally, 13.2 percent said their organizations need more education and training when it comes to patch management.
SOAR isn’t soaring
One of the emerging trends in the last year has been a technology approach known as SOAR (security orchestration, automation and response), which ties together different technologies in an automated and coordinated way to respond to security issues faster.
While vendors have been pushing SOAR as the way forward, it ranked poorly in the survey.
While 21 percent of organizations indicated they are using SOAR, only a paltry 2.5 percent indicated they are confident in the technology.
Confidence is high for network-level security
Network-level security technologies, such as network access control (NAC), DNS filtering, next-generation firewalls (NGFW) and intrusion detection and prevention systems (IDPS) generally inspired confidence among survey respondents.
NAC topped the list of security technologies that users have the most confidence in, with 25.6 percent saying they trust NAC. DNS filtering came in second at 24.8 percent, while NGFW and IDPS scored 17.4 and 15.7 percent, respectively. Users thus appear generally happy with the ability of perimeter security technologies to repel threats. These technologies also benefit from having been around longer, and thus users have more comfort and familiarity with them.
Deception technology is another emerging area of cybersecurity, with varying approaches designed to lure and trap potential attackers. The idea has gained some traction, with 21 percent of respondents saying their organization is using deception technology.
However, 19 percent of respondents indicated that they lack confidence in deception technology, ranking third behind phishing simulation and BAS technology for lack of confidence, so deception technology vendors could do a better job selling users on the value of the technology.
Vendor confidence and loyalty
Aside from just looking at user confidence in specific technologies technology, the eSecurity Planet survey also looked at vendor confidence and loyalty.
Nearly 40 percent of respondents across organizations of all sizes indicated that they never engage in competitive bakeoffs of security technologies, while 27.3 percent said they do so infrequently.
An overwhelming majority (93.4 percent) say they have never switched to a new vendor technology after a competitive bakeoff, so dislodging an incumbent vendor is not an easy task.
Takeaways for IT security pros
Cybersecurity is full of unknowns, so a lack of confidence in deployed technologies isn’t the best place for an organization to be. Certainly no one technology will solve all security problems, but there are some areas where organizations can look to improve.
Double down on phishing security and BAS
Simply put, email attacks, including phishing, are typically the primary entry point for attackers into an organization. Simulation technology is always a challenge, as it is often restricted by engagement parameters so it won’t impact production operations.
There is, however, a clear need for phishing and breach simulation technology to help educate, train and inform. When deploying simulation technology, take the time to configure it to be as realistic as possible and regularly adjust to continuously improve the efficacy. And double down on employee training too.
Look beyond the perimeter to SOAR and deception
It’s no surprise that respondents have a high degree of confidence in network-based approaches for cybersecurity. After all, those approaches have been deployed for a decade or more, so there is plenty of familiarity.
The network boundary, however, is no longer the strong perimeter it once was, and there is a need to also explore, evaluate and deploy other technologies such as SOAR and deception. Both SOAR and deception are relatively newer approaches, and as such it makes sense that confidence in them isn’t yet very high. With deployment and experience, confidence will likely improve and along with it, improved cybersecurity outcomes.
Evaluate and reevaluate vendors regularly
In the cybersecurity solutions market, there is no shortage of vendors and options.
Just because an organization chooses to do a bakeoff doesn’t necessarily mean that there will be change, as the survey clearly indicates. Organizations should nonetheless take time on a regular basis to evaluate their choices to make sure they are still confident that what they are using represents the best option for them.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.