
APAC ahead of US and EMEA in AI security adoption - Osterman

29 Aug 18

Cybersecurity management company Skybox Security has released the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate. 

The survey, which includes responses from 465 senior security leaders at large enterprises in the US, EMEA and APAC, reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learning (ML).

Survey questions focused on workflows in firewall and security policy management and vulnerability management.

The research found that APAC is ahead of the US and EMEA in terms of automation for processes involved in the management of firewall rules and security policy — the automation of these processes is least common in EMEA.

Despite being hyped in the media, technologies such as artificial intelligence and machine learning are still in early days, with few organisations using AI/ML in production — just four percent of respondents in EMEA, nine percent in the US and 27% in APAC.

In general, the report reveals that companies worldwide are continuing to struggle with network security management, especially as those networks are growing more complex and increasing in size.

Surprisingly, most are only partially automating workflows and processes to help overcome these challenges — but they do see the value and are looking to automate more in the future. 

Osterman Research principal analyst Michael Osterman says, “Many organisations have significant deficiencies with regard to their firewall and security management.”

“Most realise that they need to improve the way they manage security and policy, and they also realise that automating workflows and processes is key to these improvements.”

Additional insights from the report include the following:

  • Cutting costs, making better use of skilled employees and network size/complexity are top drivers for automation — but that varies by region. In EMEA, 61% of respondents said cost was the number one driver; in the US, 43% said the same. Surprisingly, only 35% in APAC ranked costs as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43%), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40%). The US and EMEA also cited the challenges of managing network size and complexity as a heavy driver (42% and 38% respectively).
     
  • Better visibility and context are still needed. Organisations are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist: 37% in the US, 61% in EMEA and 47% in APAC said they had only “minimal or some understanding.” Even more surprising, respondents said they have only minimal or some understanding of how security changes impact their business: 49% in the US, 63% in EMEA and 39% in APAC. And it appears that identifying vulnerabilities continues to be a challenge, with 53% in the US, 63% in EMEA and 42% in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.
     
  • Security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. The top things respondents said they spend a “substantial” amount of time on are incident response triage/prioritisation and compliance management for the US; firewall configurations and out-of-process changes for EMEA; compliance management and security changes for APAC.
     
  • Security teams need help, with most organisations admitting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organisations decommission applications: 72% of respondents in the US, 67% in EMEA and 54% in APAC say they do it “poorly or moderately.” Security teams also need help pruning firewall rules so that rulesets do not become bloated, with 67% in the US, 78% in EMEA and 48% in APAC saying they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact.
     
  • Automation is an impetus for cloud migration. It’s no surprise that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43% of organisations said cloud is impacting the automation of security policy changes. Survey results also show that the vast majority of organisations are working on initiatives focused on security automation to support cloud environments.