CONFIDENTIAL AND PROPRIETARY This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2017 Gartner, Inc. and/or its affiliates. All rights reserved. 2017 Pete Shoard, Research Director Security and Risk Management Leaders Threat Landscape and Security Monitoring, 2017



There Are About 20 Billion Threat Blocks a Day

So What?

There Are About 4 Billion Google Searches Each Day


If You Want Stats to Scare Your Bosses With, I'm Sorry...

They're Already Scared

They're Bored With Scary Stats


Gartner has, for decades, resisted providing threat statistics.

How many raindrops are falling doesn't matter.

So Stop Counting Attacks


Instead, Start Thinking About Raincoats

And Umbrellas and Roofs ... and What Am I Doing?

Threat Analysis Isn't About Threats

It's About Awareness


A Lot of Stuff Isn't Where It Used to Be

Cloud Deployment Plans Across Regions and Timelines, May 2016


It's Not All Easily Found

Cloud delivery and stand-alone functionality enable shadow IT applications

15X: Companies are using up to 15 times more cloud services to store critical company data than CIOs were aware of, or had authorized. (Cisco study, August 2015)

77%: Nearly eight in ten (77%) (business) decision makers admit to using a third-party cloud application without the approval or knowledge of their IT department (NTT, April 2016)


IT Is More Complex, but More Connected

Complexity and Heterogeneity Are the Enemies of Security


All IT Not Under One Roof

[Diagram labels: Insiders, Partners, Customers, Things; Information Systems Platform, Customer Experience Platform, Ecosystems Platform, Data and Analytics Platform, IoT Platform; Cloud, On-Premises, Mobile, Edge, B2B]

As if the challenge were not great enough within the enterprise


By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.

Strategic Planning Assumption (SPA)


Roofs Are Leaky, and Getting Leakier

We're Not Even Looking At All the Roofs

Source: Gartner-generated via CVE Database


Some Roofers Are Better Than Others: 2016 Vulnerability Trends

Source: Gartner-generated via CVE Database

[Chart labels: Red Hat, Micro Focus, SUSE, Fedora Project, Apache Software Foundation]


Through 2021, the single most impactful enterprise activity to improve security will be patching.

Strategic Planning Assumptions (SPAs)


The Perfect Storm: How Many Zero Days?

2013 23 00.4%

2014 24 00.3%

2015 53 00.8%


Through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year.

Strategic Planning Assumption (SPA)


Ransomware


The Ransomware Weather Map

Source: Microsoft: Ransomware by Region 2Q16


Ransomware Growth Is Not Hype

Source: Trend Micro


What Can You Do?


Do not be distracted by the shiny objects


Your Environment...

  • Threat Detection (Find The Threat): SOC Analysts, Security Device Management, Threat Intel. Platform, Security Analytics, SIEM

  • Remediation (Find The Weakness): Exploit Identification, Issue Identification, Penetration Testing, Patch Management

  • Strategy (Have A Plan): Response Process, Communication, Continuity


Keep It Simple

  • Being swamped in alerts and incidents is worse than burying your head in the sand; have an effective plan for how to deal with the output of security tools and services.

  • Solve the BIG & EASY problems first: upgrade and patch where possible, and use preventative controls (IPS / firewalling) where it's not.

  • Identify phased approaches that work for the organisation, allowing smaller, more effective pockets of defence to rise up first.

  • Outsource where it makes sense – co-managed or fully managed services increase the speed of deployment and reduce the burden on internal teams.

  • Adopt Zero Trust if you can. Starting from a position of Zero Security can mean that an effective strategy is to lock the doors and wait for people to knock.


Recommended Gartner Research

  • Predicts 2017: Threat and Vulnerability Management. Oliver Rochford, Greg Young and Craig Lawson (G00316869)

  • Use the Gartner Playbook for a Successful SIEM Proof of Concept. Gorka Sadowski (G00338084)

  • 2017 Planning Guide for Security and Risk Management. Ramon Krikken (G00312926)

  • Magic Quadrant for Managed Security Services, Worldwide. Toby Bussa, Kelly M. Kavanagh, Sid Deshpande (G00299064)

  • Vulnerability and Security Config Assess Solutions. Oliver Rochford, Greg Young and Craig Lawson (G00322810)
