Page 1: Symantec 2011 Threat Management Survey Global Results

2011 Threat Management Survey

Global Data

Methodology

• Survey performed by Applied Research

• 1,025 global enterprises

• Tactical IT, Strategic IT and C-level professionals

• Cross-industry

Key Findings

• Enterprises not confident in their security posture

• Organizations struggling with timely analysis and response

• Top concerns are security intelligence and visibility

• Staffing problems top list of issues impacting ability to respond to new and emerging threats

Security Confidence

• 57% lack confidence in IT security staffs’ ability to respond to new threats

• Why? Several of the factors tied to staffing

– Not enough staff

– Staff lacks time

Staffing Issues

• 66% rate staff as less than effective

• Only 4% rate staff as completely effective

• Why?

– Recruiting

– Retention

– Right skill sets

Top Security Concerns

• Intelligence

• Visibility

• Analysis

Security Shortcomings

• Timely and quality alert correlation/analysis

• Timely and effective event response

Symantec Recommendations

• Build a comprehensive incident management program

• Be vigilant about the changing threat landscape

• Broaden the visibility across your infrastructure

• Evaluate systems for managing security information and alerts

Appendix All questions included

Demographics

Q2: How many employees does your organization have in all locations worldwide?

• 1,000 to 2,499: 33%
• 2,500 to 4,999: 33%
• 5,000 or more: 34%

Q3: What is your organization's primary industry?

• Finance and Insurance: 10%
• Information Technology and Communications: 10%
• Scientific research, professional and technical services: 10%
• Wholesale and Retail: 10%
• Other: 10%
• Manufacturing: 9%
• Medical, Health Care and Welfare: 6%
• Construction: 5%
• Education, Learning and Support: 4%
• Government: 4%
• Real estate and goods rental and leasing: 4%
• Eating and drinking services, accommodations: 3%
• Internet: 3%
• Transport and freight service (cover such as Airline/railway industry): 3%
• Energy: 2%
• Legal: 2%
• Living-related and personal services and amusement services: 2%
• Media: 2%
• Advertisement: 1%

Q4: What is your primary role?

• C-level or business owner: 25%
• Management role in IT, primarily focused on strategic issues: 25%
• Management role in IT, primarily focused on tactical/operational issues: 25%
• Manage our computing resources: 25%

Q5: What is your title?

• President: 2%
• Owner: 3%
• Partner: 1%
• CIO: 25%
• CTO: 5%
• CISO: 1%
• Vice President or Senior Vice President in a computing area: 4%
• Director in a computing area: 9%
• Manager of Information Systems or Computer Systems: 22%
• Systems analyst: 12%
• Systems architect: 3%
• Systems designer: 3%
• Other: 11%

What is your age?

• 30 or less (Millennial): 22%
• 31 to 49 (Gen-X): 68%
• 50 or older (Boomer): 10%

Q7: What is your gender?

• Male: 81%
• Female: 19%

Q8: How many years have you been working in computer systems and technology?

• Mean: 12.88
• Median: 12

Q9: What are your company's annual revenues?

• Less than $500,000: 2%
• $500,000 to $2,000,000: 3%
• $2,000,000 to $7,500,000: 4%
• $7,500,000 to $30,000,000: 5%
• $30,000,000 to $100,000,000: 9%
• $100,000,000 to $500,000,000: 15%
• $500,000,000 to $1,500,000,000: 16%
• $1,500,000,000 to $5,000,000,000: 16%
• $5,000,000,000 to $25,000,000,000: 16%
• $25,000,000,000 to $100,000,000,000: 7%
• More than $100,000,000,000: 7%

Q10: Characterize your company's year-over-year annual growth rate in terms of annual revenue:

• Declining 25% per year or greater: 1%
• Declining at between 10 to 24% per year: 9%
• Declining at between 1 to 9% per year: 4%
• Flat: Neither growing nor declining: 11%
• Growing at between 1 to 9% per year: 31%
• Growing at between 10 to 24% per year: 29%
• Growing at 25 to 49% per year: 7%
• Growing at 50 to 99% per year: 5%
• Growing at 100% per year or more: 0%
• Decline to state: 3%

Security Self-Assessment

Q213: How confident are you that your IT security staff can handle new security threats in a timely and effective manner?

• Very concerned: 20%
• Somewhat concerned: 18%
• Neutral: 19%
• Somewhat confident: 25%
• Very confident: 19%

Q214: What are the top three factors that are keeping you from being completely confident in your ability to handle new security threats in a timely and effective manner? (Ranked 1, 2, or 3)

• Insufficient security staff: 46%
• Not enough visibility into security across entire infrastructure: 45%
• Trouble correlating/analyzing security alerts as they are happening: 45%
• Staff doesn't have enough time: 45%
• Trouble responding to security incidents in a timely/effective manner: 43%
• Security staff lacks necessary experience/skill sets: 39%
• No access to latest information about new threats, vulnerabilities, etc.: 36%

Security Lifecycle

Q215: Please review the following aspects of security and rank them in terms of what concerns you the most.

Rank 1 / Rank 2 / Rank 3 / Rank 4:

• Security intelligence: 41% / 27% / 19% / 13%
• Security visibility: 24% / 25% / 28% / 23%
• Attack analysis: 17% / 28% / 28% / 27%
• Security response: 18% / 20% / 25% / 38%

Q215: Please review the following aspects of security and rank them in terms of what concerns you the most. (Average Ranks)

• Security intelligence: 2.04
• Security visibility: 2.50
• Attack analysis: 2.64
• Security response: 2.82

Q216: Please rank these aspects in terms of your organization's ability to execute.

Rank 1 / Rank 2 / Rank 3 / Rank 4:

• Security intelligence: 38% / 29% / 19% / 15%
• Security visibility: 26% / 26% / 28% / 21%
• Attack analysis: 19% / 25% / 29% / 26%
• Security response: 17% / 21% / 24% / 38%

Q216: Please rank these aspects in terms of your organization's ability to execute. (Average Ranks)

• Security intelligence: 2.10
• Security visibility: 2.44
• Attack analysis: 2.62
• Security response: 2.83

Q217: When it comes to keeping up with the latest cyber-security vulnerabilities and threats, please rate how you are doing in the following areas:

1 - Extremely poor / 2 - Somewhat poor / 3 - Neither poor nor well / 4 - Somewhat well / 5 - Extremely well:

• Acquiring such intelligence in a timely fashion: 3% / 7% / 25% / 41% / 24%
• The quality of intelligence you gather: 1% / 5% / 26% / 40% / 27%

Q217: When it comes to keeping up with the latest cyber-security vulnerabilities and threats, please rate how you are doing in the following areas. (Somewhat/Extremely well)

• Acquiring such intelligence in a timely fashion: 65%
• The quality of intelligence you gather: 68%

Q217: When it comes to keeping up with the latest cyber-security vulnerabilities and threats, please rate how you are doing in the following areas. (Somewhat/Extremely poorly)

• Acquiring such intelligence in a timely fashion: 10%
• The quality of intelligence you gather: 6%

Q218: When it comes to maintaining visibility into security across the entire company's infrastructure, please rate how you are doing in each of the following areas:

1 - Extremely poor / 2 - Somewhat poor / 3 - Neither poor nor well / 4 - Somewhat well / 5 - Extremely well:

• The quality of that visibility: 1% / 6% / 27% / 39% / 27%
• Acquiring such visibility in a timely fashion: 1% / 7% / 27% / 44% / 21%
• How comprehensive the visibility is: 1% / 7% / 27% / 42% / 22%

Q218: When it comes to maintaining visibility into security across the entire company's infrastructure, please rate how you are doing in each of the following areas. (Somewhat/Extremely well)

• The quality of that visibility: 66%
• Acquiring such visibility in a timely fashion: 65%
• How comprehensive the visibility is: 65%

Q218: When it comes to maintaining visibility into security across the entire company's infrastructure, please rate how you are doing in each of the following areas. (Somewhat/Extremely poorly)

• The quality of that visibility: 7%
• Acquiring such visibility in a timely fashion: 8%
• How comprehensive the visibility is: 8%

Q219: When it comes to your organization's ability to correlate and analyze security alerts across the enterprise, please rate how you are doing in each of the following areas:

1 - Extremely poor / 2 - Somewhat poor / 3 - Neither poor nor well / 4 - Somewhat well / 5 - Extremely well:

• The timeliness of correlation and analysis: 1% / 5% / 27% / 42% / 25%
• The quality of the correlation and analysis: 1% / 5% / 26% / 41% / 27%

Q219: When it comes to your organization's ability to correlate and analyze security alerts across the enterprise, please rate how you are doing in each of the following areas. (Somewhat/Extremely well)

• The timeliness of correlation and analysis: 67%
• The quality of the correlation and analysis: 68%

Q219: When it comes to your organization's ability to correlate and analyze security alerts across the enterprise, please rate how you are doing in each of the following areas. (Somewhat/Extremely poorly)

• The timeliness of correlation and analysis: 7%
• The quality of the correlation and analysis: 6%

Q220: When it comes to your organization's ability to respond to security events, please rate how you are doing in each of the following areas:

1 - Extremely poor / 2 - Somewhat poor / 3 - Neither poor nor well / 4 - Somewhat well / 5 - Extremely well:

• Ability to respond in a timely fashion: 1% / 5% / 24% / 45% / 25%
• The effectiveness of your response: 1% / 5% / 25% / 42% / 28%

Q220: When it comes to your organization's ability to respond to security events, please rate how you are doing in each of the following areas. (Somewhat/Extremely well)

• Ability to respond in a timely fashion: 70%
• The effectiveness of your response: 69%

Q220: When it comes to your organization's ability to respond to security events, please rate how you are doing in each of the following areas. (Somewhat/Extremely poorly)

• Ability to respond in a timely fashion: 7%
• The effectiveness of your response: 6%

Security Staffing

Q221: How would you characterize your security staffing levels at the current time?

• We are extremely understaffed: 11%
• We are somewhat understaffed: 32%
• We have just enough security staff: 41%
• We are somewhat overstaffed: 11%
• We are extremely overstaffed: 4%

Q222: Overall, how would you rate the effectiveness of your IT security staff?

• Completely ineffective: 10%
• Somewhat ineffective: 15%
• Not as good as we would like, but not horrible: 24%
• Mostly effective: 42%
• Completely effective: 10%

Q223: What is keeping you from rating your security staffing as "completely effective?" Rank the following areas of cyber security staffing in terms of difficulty for your organization.

Rank 1 / Rank 2 / Rank 3 / Rank 4 / Rank 5 / Rank 6:

• Recruiting: 29% / 17% / 18% / 15% / 12% / 10%
• Retention: 19% / 23% / 15% / 18% / 17% / 9%
• Skill sets: 17% / 18% / 18% / 21% / 15% / 11%
• Experience: 16% / 18% / 13% / 16% / 22% / 15%
• Staff retirement: 14% / 14% / 16% / 14% / 15% / 27%
• Awareness: 6% / 10% / 20% / 16% / 19% / 29%

Q223: What is keeping you from rating your security staffing as "completely effective?" Rank the following areas of cyber security staffing in terms of difficulty for your organization. (Average Ranks)

• Recruiting: 2.93
• Retention: 3.18
• Skill sets: 3.29
• Experience: 3.56
• Staff retirement: 3.85
• Awareness: 4.19

Managed Security Service Providers

Q224: What managed security service provider vendors are you considering using or do you currently use? (Mark all that apply.)

• Symantec: 40%
• IBM/ISS: 39%
• AT&T: 30%
• Dell/SecureWorks: 29%
• Verizon Business: 24%
• We don't use a managed security service provider: 17%
• BT/Counterpane: 16%
• Other (Please specify): 5%

Q225: How much influence does your managed security service provider have over which security products your company purchases?

• Absolutely no influence: 10%
• Very little influence: 14%
• Neutral: 28%
• A moderate influence: 35%
• Complete influence: 13%

SIEM

Q226: What Security Information and Event Management (SIEM) vendors do you currently use? (Mark all that apply.)

• Symantec: 55%
• HP/ArcSight: 34%
• EMC/RSA (enVision): 22%
• We don't use a SIEM: 19%
• Q1 Labs: 16%
• Other (Please specify): 1%

Q227: How do the following challenges impact your ability to realize the full value of your Security Information and Event Management (SIEM) solution?

1 - Extreme impact / 2 - Moderate impact / 3 - Some impact / 4 - Slight impact / 5 - No impact whatsoever:

• Insufficient staff to set up: 19% / 17% / 28% / 27% / 9%
• Trouble integrating latest information on new threats, vulnerabilities, etc.: 13% / 23% / 30% / 25% / 10%
• Staff doesn't have enough time: 13% / 23% / 30% / 23% / 12%
• Trouble maintaining SIEM rules to correlate/analyze alerts in real time: 12% / 22% / 31% / 24% / 11%
• Insufficient staff to maintain: 14% / 20% / 28% / 26% / 12%
• Trouble responding to incidents in timely/effective manner: 15% / 19% / 29% / 26% / 11%
• Insufficient training to set up: 12% / 21% / 29% / 24% / 14%
• Insufficient training to maintain: 11% / 22% / 31% / 22% / 14%

Q227: How do the following challenges impact your ability to realize the full value of your Security Information and Event Management (SIEM) solution? (Moderate/Extreme impact)

• Insufficient staff to set up: 36%
• Trouble integrating latest information on new threats, vulnerabilities, etc.: 36%
• Staff doesn't have enough time: 35%
• Trouble maintaining SIEM rules to correlate/analyze alerts in real time: 34%
• Insufficient staff to maintain: 34%
• Trouble responding to incidents in timely/effective manner: 34%
• Insufficient training to set up: 34%
• Insufficient training to maintain: 33%

Q227: How do the following challenges impact your ability to realize the full value of your Security Information and Event Management (SIEM) solution? (Slight/No impact)

• Insufficient staff to set up: 36%
• Trouble integrating latest information on new threats, vulnerabilities, etc.: 35%
• Staff doesn't have enough time: 35%
• Trouble maintaining SIEM rules to correlate/analyze alerts in real time: 35%
• Insufficient staff to maintain: 38%
• Trouble responding to incidents in timely/effective manner: 37%
• Insufficient training to set up: 38%
• Insufficient training to maintain: 36%