The changing network security landscape
The adoption of the cloud and as-a-service delivery models means that the company network, which was once a closed environment, has now expanded into a range of other areas.
Alongside this expansion comes a new range of risks and a new study from cloud-delivered security specialist ProtectWise in conjunction with Osterman Research looks at the latest network security challenges and how they are being met.
Among its findings are that the number of security staff in a company doesn't equate to the size of the business. The largest companies only have 30 percent more security staff than mid-sized companies, despite averaging 10 times the number of employees. This means that security pros at the largest organizations are unable to dedicate the same number of person-hours per 1000 employees that smaller companies can.
Larger businesses though are beginning to invest in specialist roles and tools to reduce the number of security alerts and cut false positives. 41 percent of mid-sized organizations surveyed (1,501 to 4,000 employees) don't have specialized teams compared to 69 percent of larger organizations (over 4,000 employees) that do.
"There are shared security pain points which have no regard to organizational size," says Gene Stevens, co-founder and CTO of ProtectWise. "Yet security team size in larger organizations does not scale in line with the size of the business. Larger organizations though are expected to face greater numbers of threats, so the problem will get worse."
Regardless of company size, two-thirds of all respondents manage their security overload by prioritizing the highest value targets. Nearly half (46 percent) of all respondents would retain network data for more than 18 months in an ideal world, but only 14 percent do so today. Security tool evaluation is named as the most common responsibility across all security pros surveyed. Looking specifically at mid-market and large organizations, respondents expect they will spend 23 percent more time processing security incident logs and 25 to 26 percent more time remediating security incidents in the next two years.
Another interesting point is that large organizations are becoming less reliant on endpoint security. More than 50 percent of organizations surveyed are using both endpoint and network security tools. 26 percent of large organizations use network security products alone and only 13.1 percent use just endpoint tools, compared to 44 percent of small to mid-sized businesses.
You can get hold of the full report on the ProtectWise website.