IT Pros Lack Security Management Support, Budget & Training
Half of respondents to SANS Institute/SolarWinds survey reported spending 20 percent or less of their IT budget on security
AUSTIN, TX – September 12, 2013 – SolarWinds (NYSE: SWI), a leading provider of powerful and affordable IT management software, in conjunction with SANS, today released the results of a security survey* of more than 600 IT professionals representing a broad range of industries and organization sizes. The survey was conducted to identify the impact of security threats and the use of security analytics and intelligence to mitigate those threats.
More Security Insights
- 10 Steps to Cleaning up Active Directory
- The Active Directory Management and Security You've Always Dreamed of
- Innovations in Integration: Achieving Holistic Rapid Detection and Response
- COBOL in the Big Data Era: A Guide
Survey respondents generally agreed that support for managing security today was inadequate. Many are working with a limited budget to manage "information security, compliance and response," with nearly half of respondents reported spending 20% or less of their IT budget on security. A majority also expressed their need for greater security data visibility and context, and said they plan to invest in training to address those issues.
Targeted attacks that are missed by antivirus and other point solutions were a problem for most respondents. Forty-five percent of respondents reported that in the past two years their organization experienced one or more attacks that were difficult to detect. Another 21% reported that they lacked enough visibility to even answer the question.
Reported "difficult to detect" attacks took, on average, one full week to detect. The root cause was usually visibility, with specific causes such as:
Not collecting appropriate operational and security data
Lack of context to observe normal behavior (and set baselines)
Lack of system and vulnerability awareness
IT pros seeking to avoid breaches used data from a variety of sources in their security analytics. The data most frequently used included:
Log data from networks and servers
Network monitoring data
Access data from applications and access control systems
In the next 12 months, respondents said they also plan to use the following data to improve their security monitoring:
Security assessment data from endpoint, application and server monitoring tools
Monitoring and exception data pertaining to internal virtual and cloud environments
Access data from applications and access control systems
IT pros plan to invest in the following to get better visibility and response through security analytics and security intelligence:
"Since the responsibility of securing IT is not just the role of a security expert anymore, it's important for all IT pros to be equipped to tackle security challenges," said Sanjay Castelino, VP and Market Leader, SolarWinds. "For IT pros that don't have a lot of time or budget to invest in managing security, we offer affordable and easy-to-use tools that provide visibility and insight right out of the box. Along with SolarWinds' wider suite of IT management products, our security products have a broad set of features and functionality built in, making security and compliance management accessible to all."
Security Management for Every IT Pro, Organization
Security is everyone's problem. For IT pros that don't spend their day thinking about security yet need the tools to tackle everyday operational security challenges, SolarWinds offers a number of powerful, easy-to-use and affordable products with out-of-the-box security and threat management. From Security Information and Event Management (SIEM) to firewall and patch management and more, IT pros can assess their environments and deploy SolarWinds' IT management products on a need-by-need basis to achieve end-to-end security visibility, including:
SolarWinds Log & Event Manager (LEM) – SIEM; real-time event correlation, endpoint data loss monitoring, active threat responses
SolarWinds Firewall Security Manager (FSM) – Firewall auditing and configuration management
SolarWinds Patch Manager – Endpoint vulnerability management
SolarWinds User Device Tracker (UDT) – Network user and device tracking
SolarWinds Serv-U Managed File Transfer (MFT) Server – Secure file sharing and file transfer
Join SolarWinds at SANS Network Security 2013 Las Vegas
Network Security attendees are invited to stop by booth No. 14 on September 18 to see live demos and to learn from the product experts about SolarWinds LEM, SolarWinds FSM, SolarWinds Patch Manager, SolarWinds UDT, and SolarWinds MFT Server, and to grab some geeky gear.
*The survey was conducted from June 10 – July 19, 2013, resulting in 647 survey responses from IT practitioners, managers and directors in the U.S. and Canada from public- and private-sector small, mid-size and enterprise companies. Public-sector specific results available upon request.
SolarWinds (NYSE: SWI) provides powerful and affordable IT management software to customers worldwide from Fortune 500 enterprises to small businesses. In all of our market areas, our approach is consistent. We focus exclusively on IT Pros and strive to eliminate the complexity that they have been forced to accept from traditional enterprise software vendors. SolarWinds delivers on this commitment with unexpected simplicity through products that are easy to find, buy, use and maintain while providing the power to address any IT management problem on any scale. Our solutions are rooted in our deep connection to our user base, which interacts in our online community, thwack, to solve problems, share technology and best practices, and directly participate in our product development process. Learn more today at http://www.solarwinds.com/.