According to 451 Research’s new Voice of the Enterprise: Information Security quarterly study, more than a quarter of the enterprises surveyed name Cisco as their primary Intrusion Detection and Prevention (IDS/IPS) platform provider. In the 451 Research Vendor Window, enterprises rated Palo Alto Networks highest especially for technical innovation, brand/reputation, and intrusion detection capabilities. Cisco FirePower/SourcePower and Dell Secure Works tied for the second highest rated vendors based on evaluations from 353 existing customers.
Based on evaluation of 16 different vendor attributes, the Vendor Window plots enterprise adoption as well as indices that compare vendors' promise prior to deployment as well as fulfillment after deployment. These latest findings – including a Vendor Window for Security in Enterprise Mobility Management – are based on responses from over 1,000 IT professionals, primarily in North America and EMEA, including 580 unique vendor evaluations in May and June 2015.
As expected, spending on security remains strong with 37% of enterprise security managers expecting to increase their budget in the next 90 days. Only 4% of enterprises are decreasing security spending.
Although security budgets are stable or increasing for almost all organizations, security managers reported significant obstacles in implementing desired security projects due to lack of staff expertise (34.5%) and inadequate staffing (26.4%). As one security manager in the retail industry noted, “We continue to struggle with staffing . . . We have been given the open requisitions to hire people, but now we're trying to find the people.” Given this challenge, only 24% of enterprises have 24x7 monitoring in place using internal resources.
More than half of respondents (52%) noted ‘hackers with malicious intent’ as their top security concern over the past 90 days, followed by navigating compliance requirements (38%). As a consequence, 26% of security managers noted that compliance requirements were a key driver in getting projects approved, second only to risk assessment cited by 26.5% of respondents.
"As the understanding of the prevalence of advanced attackers increases, security managers have continued a move from reliance on preventative controls to an increased focus on security monitoring and incident response," said Daniel Kennedy, Research Director for Information Security. "Intrusion detection and/or prevention systems are one of the most established and ubiquitous security monitoring tools in place at large enterprises, and perhaps one of the most underutilized. Only 44.4% of enterprises have around-the-clock active monitoring in place."