• Twitter
  • LinkedIn
(503) 898-0004 | hello@cascadeinsights.com
Cascade Insights Menu
  • Market Research Services
    • Close
      • Expand-Your-MarketUnderstand Your Customers
        • Key Buying Criteria Research
        • Win-Loss Analysis
        • Buyer’s Journey Mapping
        • Market Segmentation Research
        • Buyer Persona Research
      • Define-Your-BrandDefine Your Brand
        • Brand Research
        • Market Opportunity Research
        • New Product Launch Research
        • Message Testing Research
      • Understand-Your-BuyersExpand Your Market
        • Channel Market Research
        • Go-To-Market Research
        • Competitive Landscape Analysis
        • Usability Testing
        • Influencer Marketing Research
        • ABM Research
  • Marketing Services
    • Close
      • Marketing-StrategyContent Marketing
        • Content Creation
        • Messaging Upgrades
      • Content-MarketingMarketing Strategy
        • Persona Development
        • Content Strategy
        • Funnel Analysis
  • Our Blogs
    • Close
    • B2B Market Research Blog
    • B2B Marketing Blog
  • Resources
    • Close
    • B2B Revealed Podcast
    • B2B Studies & Resources
  • About Us
    • Close
    • Our Story
    • Our Clients
    • Client Testimonials
    • Ethics Policy
    • Privacy Policy
  • Contact Us
  • Search
  • Menu

We will be Hacked: Adjusting to the New Normal for Enterprise Security…

January 16, 2015/in Blog Posts, Product Managers /by cascade
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
  • Share by Mail

Have we reached the day when CEO’s need to send a company-wide memo with the title “We will be hacked”? In a word, yes.

Let us be clear: The implementors and researchers we chat with – those in the enterprise Security Operation Centers (SOCs) and Managed Security Service Providers (MSSPs) – aren’t advocating giving up. They’re not advocating abandoning a strong security posture that involves lots of expenditure and lots of expertise. What they are advocating is admitting the limits of all the security that money can buy.

To date, enterprises have adopted a posture that breaches are flat out unacceptable and heads must roll. Case in point, Target certainly didn’t fire their CEO because the board assumed all along that “it could happen to us.”

But let’s face it: If the goal is zero significant breaches, the enterprise has lost.

We-will-be-hacked-Image-1-e1421429098539

(Source)

Defense Array


And these hacks are happening despite a bristling arsenal of available defenses. Start with the lowly firewall and less-than-lowly next generation firewalls (NGFW), like Palo Alto Networks or Check Point. After that comes the Intrusion Prevention Systems (IPS) – somewhat a cousin of NGFWs – like McAfee, (Cisco) Sourcefire, or HP.

Then you have the antivirus solutions like Symantec, McAfee, or Kaspersky. The effectiveness of these is hotly debated, but they certainly catch “some” malware. More recently, you have solutions like FireEye that are more behavior based and “detonate” malware in a virtual machine sandbox while watching for suspicious activity (like trying to phone home to North Korea).

And then there’s a raft of endpoint detection and response solutions (and response is critical), like Mandiant, CarbonBlack, Guidance Software, RSA, or CrowdStrike.

All these often feed data into a SIEM, like QRadar, ArcSight, Splunk (which is more than just a SIEM), LogRhythm, or McAfee, where data can be correlated (often with threat feeds) and security people can be alerted.

You might want to troll the Enterprise Security Startup Landscape while you’re at it. Make sure Network Access Control is all fired up. Add a tablespoon of Data Loss Prevention in there too. Maybe a jigger of DDOS mitigation and a glop of Enterprise Mobility Management, and you’re ready to rock and roll, right?!?

You’ll still get hacked.

Buying Even More (Probably) Won’t Save You


All that technology is great. The expertise to get maximum value from it is even greater. And if awesome new technology comes out that fills a gap – that can catch stuff that all the other programs miss – by all means, buy it.

But here’s the thing: Every time we do a security research project we hear that organizations don’t even have all the security features turned on for the stuff they’ve already bought. And there are good reasons why that’s the case.

Take, for example, unauthorized software. Your IT department could probably flip a switch today and block any process that hasn’t been whitelisted (aka preapproved) from running. Sounds great, right? What it means is if the creatives in your marketing department or your software developers download and install any whiz-bang-make-their-job-way-easier tool from the Web, they’ll suddenly find themselves unable to access email, hit intranet sites, or even browse the Web. They’ll be quarantined.

And when that happens, they’ll scream that they’re being hamstrung in doing their job. And IT will lose. Keep in mind, Gartner predicts that by 2020, 90% of technology spending will happen in the business groups rather than IT. Companies are far more afraid of going out of business due to lack of agility and innovation than lack of security.

The Big Shift


But with the super high-profile hacks we’ve seen, in 2015 I think it’s safe to say that more CEOs will be going to their security teams and asking, “How do we increase cybersecurity?” And the security teams are very quickly going to respond, “We need to invest more in knowing we’ve been breached and eradicating the intruder.”

Corporations are going to realize that it can happen to them.

  • They’re going to understand that they can’t stop every invader at the gate.
  • They’re going to invest in indicators of compromise.
  • They’re going to invest in isolating compromised systems and users.

Is the security market ready?

  • To what extent are security vendors shifting focus and shifting investment in their product portfolio away from pure defense to detection and mitigation?
  • To what extent do traditional security vendors know what’s best of breed in this area and what game changers are incubating in startups?
  • To what extent are security vendors developing innovative solutions that detect and mitigate without throwing up walls that stop employees from getting the job done?

Based on our research, security vendors are out of sync with what the security professionals in organizations are looking for in terms of features that increase cybersecurity without being so intrusive that they’re not even allowed to be enabled. And if the traditional vendors don’t nail this, the startups are coming over the hill – probably founded by someone who left a big vendor that had one too many sacred cows to invest in fighting the next battle.

Don’t miss out on other tech sector focused articles or competitive intelligence tips and best practices. Sign up for our newsletter today!

Get in touch

  • Cascade Insights will never share your information with third parties. View our privacy policy.
  • This field is for validation purposes and should be left unchanged.
  • Bio
  • Latest Posts
cascade

cascade

cascade

Latest posts by cascade (see all)

  • Read Like An Analyst: Data Dilemmas, Startups & Standouts - October 20, 2015
  • 7 Trade Show Competitive Intelligence Tips: B2B Market Research podcast - May 11, 2015
  • We will be Hacked: Adjusting to the New Normal for Enterprise Security… - January 16, 2015
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
  • Share by Mail

GET IN TOUCH

hello@cascadeinsights.com

(503) 898-0004

WHAT WE DO

Market Research Services
Marketing Services
Subscribeto RSS Feed

Written by

cascade

cascade

Recent Posts

    None Found

Categories

  • Account-Based Marketing Research
  • B2B Usability Testing
  • Brand Research
  • Buyer Persona Research
  • Channel Research
  • Competitive Landscape Analysis
  • Content Creation
  • Content Strategy
  • Customer Journey Mapping
  • Funnel Analysis
  • Go-to-Market Research
  • Influencer Marketing Research
  • Key Buying Criteria Research
  • Market Opportunity Research
  • Market Segmentation Research
  • Message Testing Research
  • Messaging Upgrades
  • Persona Development
  • Podcast Production
  • Product & Service Launches
  • Win / Loss Analysis

Connect With Us

13908 SE Stark St Suite A Portland, OR 97233

503.898.0004

hello@cascadeinsights.com

  • LinkedIn
  • Twitter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

B2B Market Research

  • — Competitive Landscape Analysis
  • — Product / Service Launches
  • — Market Opportunity Research
  • — Channel / Market Research
  • — Influencer Marketing Research
  • — Message Testing Research
  • — Customer Journey Mapping
  • — Market Segmentation Research
  • — Key Buying Criteria Research
  • — Win / Loss Analysis
  • — Brand Research
  • — Go-to-Market Research
  • — Buyer Persona Research
  • — B2B Usability Testing
  • — Account-Based Marketing Research

B2B Marketing Services

  • — Content Strategy
  • — Persona Development
  • — Messaging Upgrades
  • — Content Creation
  • — Funnel Analysis

Blogs

  • — B2B Market Research Blog
  • — B2B Marketing Blog
  • — Cascade Insights Blog

B2B Revealed Podcast


B2B is a complex and challenging field, but most of all, it is fascinating. Join Sean Campbell, CEO of Cascade Insights, as he shares over 20 years of experience in the B2B market.

Competitive Intelligence Must Adapt – B2B Sales and Marketing in 2015: B2B... [6th Edition] Go Beyond Google: Competitive Intelligence for B2B Tech: B2B Market...
Scroll to top