Risk
12/6/2012
02:18 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

451 Research Publishes In-Depth Security Study

Security budgets experienced a significant gain between 2011 and 2012, study shows

NEW YORK, Dec. 6, 2012 /PRNewswire/ -- TheInfoPro, a service of 451 Research, released its latest information security study, indicating strong budgets for security projects in 2013. Conducted during the second half of 2012, TheInfoPro study identifies key initiatives of senior information security managers and examines market factors and major players. This annual study is based on extensive live interviews with security professionals and primary decision-makers at large and midsize enterprises in North America and Europe.

Highlights from the TheInfoPro Information Security Study include:

-- Buoyed largely by budget increases at large North American enterprises, security budgets experienced a significant gain between 2011 and 2012 with 45% of respondents noting an increased budget for security projects and personnel. -- Top projects looking to gain a share of increased budget allocations include mobile device management (MDM), endpoint and network data leakage prevention (DLP), and application-aware firewall implementations. -- The combined effects of IT Consumerization and the 'Bring Your Own Device' trends have driven Mobile Device Security to take over the top slot as the key pain point for security managers in 2012, going from 11% of responses in 2011 to 15% in 2012. -- Application-aware firewalls continue to be one of the hottest technologies in the network security category - 8% of respondent implementation is planned for within six months, with another 14% having longer term plans penciled in. -- Driven by a constant drumbeat of customer data breaches, Endpoint DLP continues to be a top project, with 10% of respondents reporting short term implementation plans. "47% of security managers we interviewed noted a planned budget increase between 2012 and 2013 with only 8% constricting their spending," said Daniel Kennedy, TheInfoPro's Research Director for Information Security. "Securing employee owned mobile devices is the chief headache for security managers, and 2013 will be a key year for mobile device management implementations - 20% of enterprises report projects underway within the next six months, with another 9% planning implementations in the longer term."

Research Directors Daniel Kennedy and Wendy Nather will host a 451 Research Innovation webinar on December 13th to discuss the report's findings.

Webinar Details:

-- Title: The State of Information Security in 2013 -- Date: December 13, 2012 -- Time: 2 pm ET -- Presenters: Daniel Kennedy, Research Director, Information Security and Wendy Nather, Research Director, Information Security -- Registration: https://www1.gotomeeting.com/register/671005121 About TheInfoPro Information Security Study TheInfoPro Information Security Study examines key trends across the security industry, as well as the performance of individual vendors. The study is completed annually, and is based on hour-long interviews with security professionals and primary decision-makers at large and midsize enterprises primarily in North America. The interview results are collected in comprehensive research reports that provide continuous business intelligence within key areas, such as technological road maps, spending plans and vendor performance. A sampling of vendors covered in the Vendor Performance and Technology Roadmap components of the study include: Blue Coat, Check Point, Cisco Dell, EMC, Fortinet, Juniper Networks, Microsoft, Oracle, Palo Alto Networks, Rapid7, Sourcefire, Veracode, VeriSign, Websense, and WhiteHat Security.

About 451 Research 451 Research, a division of The 451 Group, is focused on the business of enterprise IT innovation. The company's analysts provide critical and timely insight into the competitive dynamics of innovation in emerging technology segments. Business value is delivered via daily concise and insightful published research, periodic deeper-dive reports, data tools, market-sizing research, analyst advisory, and conferences and events. Clients of the company - at vendor, investor, service-provider and end-user organizations - rely on 451 Research's insight to support both strategic and tactical decision making. 451 Research is headquartered in New York, with offices in key locations, including San Francisco, Washington DC, London, Boston, Seattle and Denver.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.