The Evolving State of Enterprise Security, From Endpoint to Network

The “traditional” enterprise network died a long time ago. The modern network is open, with access to — and creation and consumption of — corporate data everywhere. It includes public cloud and mobile and industrial networks; it includes other environments that were designed with no consideration of security requirements; and it includes legacy on-premises networks. While the openness boosts productivity, it provides new opportunities for bad actors to compromise businesses and steal valuable data.

ProtectWise recently partnered with Osterman Research to interview 400 security analysts in the US to uncover the state of network security today across organizations with 1,000 or more employees. The survey looked at the biggest security challenges from the inside out, from staffing priorities to the need for specialized roles. The resulting research is presented in the Osterman Research white paper, “The Evolving State of Network Security,” released September 27.

Top findings include:

• Security hiring does not scale equally at the largest enterprises (over 4,000 employees). The mean number of employees at the largest organizations surveyed was nearly 26,000. These companies had an average of 17.5 security personnel, or one security pro for every 1,488 employees. The mean number of employees at the midsized companies surveyed was almost 2,510. These companies had an average of 13.3 security personnel, or one security pro for every 189 employees.

• Regardless of organization size, the amount of time spent on identifying and remediating security incidents over the next two years is expected significantly increase. It is anticipated to nearly double for larger organizations. However, more sophisticated organizations that invest in threat intelligence roles are shown to: significantly reduce the volume of security alerts; decrease the volume of false positives; and reduce the time spent on detecting and understanding threats than companies of the same size without the specialized roles. 

• Large organizations are beginning to invest in specialized roles, but smaller to midsize businesses are lagging in making similar investments. Forty-one percent of midsized organizations surveyed (1,501 to 4,000 employees) don’t have specialized teams compared to 69 percent of larger organizations (over 4,000 employees) that do. The top three specialized roles in large companies include: SOC Analysts Level 1/Event Triage (69 percent); Governance Risk and Compliance (61 percent); and Security Solution Management (52 percent).

• The type of products used for remediation indicates organizations are evolving their strategies with network security, as large organizations become less reliant on endpoint security. More than 50 percent of organizations are using both endpoint and network security for remediation. The reliance on endpoint-only products decreases as organization size increases.

This research tells us that organizations of all sizes are feeling the burn of alert fatigue but the creation of specialized roles is making a difference. Security teams are using threat intelligence to significantly improve remediation times. Simultaneously, the shift away from a sole reliance on endpoint products indicates there’s a growing industry wide recognition that an endpoint-only strategy is ineffective in today’s climate, and that achieving visibility from the endpoint to the network is critical for investigation, triage and remediation.

About the Author

Ramon Peypoch, Chief Product Officer, ProtectWise

A proven leader in the security industry, Ramon is responsible for product strategy, development and market delivery. Prior to ProtectWise, he was Vice President, Web Protection at McAfee. With a track record of creating category-leading security products and companies, he has held executive product and business development positions at Proofpoint , Websense and Symantec. He serves as a board member for Abusix, Inc., a network abuse and threat intelligence company and Identity Finder LLC, a sensitive data management solutions provider. Ramon holds a M.B.A. in Finance & Entrepreneurial Management from The Wharton School and a B.A. in World Politics and Spanish from Hamilton College.