Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

8/20/2013
02:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Less Than Half Of IT Professionals Have Deployed Continuous Monitoring

Study examined security controls and spending

PORTLAND, OREGON -- August 15, 2013 -- Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today released results from an extensive study focused on the state of risk-based security management with the Ponemon Institute. The study examined security controls and spending and revealed that many organizations misalign security spending with perceived security risks, haven't yet deployed preventive security technologies, and rarely use audits to identify security risks.

The study respondents included 749 U.S. and 571 U.K. professionals in the following areas: IT security, IT operations, IT risk management, business operations, compliance/internal audit and enterprise risk management.

"Given the constantly changing nature of security threats and security technologies, it's not surprising that many organizations are having difficulty assessing and prioritizing security risks," noted Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "Unfortunately, the misalignment of perceived risk and security spending coupled with the minimal use of security audits means that many organizations don't have the information they need to improve security risks."

When respondents were asked how their organization assesses and prioritizes risks, the results showed:

Only 50% said they identified specific controls at various network layers to ensure the risks were acceptable to the business

Only 41% said they implemented layered controls to ensure a compensating control exists if one control fails

Only 46% said they fully or partially deployed continuous monitoring

When asked about the deployment of preventative and detective controls, the study revealed:

93% have fully deployed malware detection/prevention

Only 53% said they have fully or partially deployed encryption as a preventative control

Only 43% said they have fully or partially deployed log monitoring as a detective control

Only 43% said they have fully or partially deployed incident detection and alerts

"These results underscore the challenges IT and security professionals grapple with every day," noted John Pierce, vice president of information systems for Tripwire. "The risk and security landscape faced by organizations continues to increase in complexity, requiring us to deploy and manage more sophisticated and comprehensive solutions to address rapidly evolving risks."

Other findings from the study include:

Only 1% of respondents used external audits to identify security risks and only 6% used internal audits

While 46% of respondents use formal risk assessments to identify security risks, only 32% use automated compliance monitoring for this purpose

Only 11% of an organization's security budget is spent protecting the application layer, even though 37% of respondents identified it as a key security risk

Only 19% of an organization's security budget is spent on the human layer

For more information about this study please visit: http://www.tripwire.com/ponemon/2013/#spending

About the Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com or follow us @TripwireInc on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.