Story image

APAC ahead of US and EMEA in AI security adoption - Osterman

29 Aug 2018

Cybersecurity management company Skybox Security has released the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate. 

The survey, which includes responses from 465 senior security leaders at large enterprises in the US, EMEA and APAC, reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learning (ML).

Survey questions focused on workflows in firewall and security policy management and vulnerability management.

The research found that APAC is ahead of the US and EMEA in terms of automation for processes involved in the management of firewall rules and security policy — the automation of these processes is least common in EMEA.

Despite being hyped in the media, technologies such as artificial intelligence and machine learning are still in early days, with few organisations using AI/ML in production — just four percent of respondents in EMEA, nine percent in the US and 27% in APAC.

In general, the report reveals that companies worldwide are continuing to struggle with network security management, especially as those networks are growing more complex and increasing in size.

Surprisingly, most are only partially automating workflows and processes to help overcome these challenges — but they do see the value and are looking to automate more in the future. 

Osterman Research principal analyst Michael Osterman says, “Many organisations have significant deficiencies with regard to their firewall and security management.”

“Most realise that they need to improve the way they manage security and policy, and they also realise that automating workflows and processes is key to these improvements.”

Additional insights from the report include the following:

  • Cutting costs, making better use of skilled employees and network size/complexity are top drivers for automation — but that varies by region. In EMEA, 61% of respondents said cost was the number one driver; 43% said it was in the US. Surprisingly, only 35% in APAC ranked costs as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43%), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40%).  The US and EMEA also cited the challenges of managing network size and complexity as a heavy driver (42% and 38% respectively).   
  • Better visibility and context are still needed. Organisations are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist: 37% in the US, 61% in EMEA and 47% in APAC said they had only “minimal or some understanding.” Even more surprising, respondents said they have only minimal or some understanding of how security changes impact their business: 49% in the US, 63% in EMEA and 39% in APAC. And it appears that identifying vulnerabilities continues to be a challenge, with 53% in the US, 63% in EMEA and 42% in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.  
  • Security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. The top things respondents said they spend a “substantial” amount of time on are incident response triage/prioritisation and compliance management for the US; firewall configurations and out-of-process changes for EMEA; compliance management and security changes for APAC.  
  • Security teams need help, with most organisations admitting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organisations decommission applications: 72% of respondents in the US, 67% in EMEA and 54% in APAC say they do it “poorly or moderately.” Security teams also need help pruning firewall rules so that rulesets do not become bloated, with 67% in the U.S., 78% in EMEA and 48% in APAC saying they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact.  
  • Automation is an impetus for cloud migration. It’s no surprise that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43% of organisations said cloud is impacting the automation of security policy changes. Survey results also show that the vast majority of organisations are working on initiatives focused on security automation to support cloud environments.
Opinion: BYOD can be secure with the right measures
Companies that embrace BYOD are giving employees more freedom to work remotely, resulting in increased productivity, cost savings, and talent retention.
Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.