Skybox® Security has released the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate. The survey, which includes responses from 465 senior security leaders at large enterprises in the U.S., EMEA and APAC, reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learning (ML). Survey questions focused on workflows in firewall and security policy management and vulnerability management.
Key findings included some surprises. For example, according to the results, APAC is ahead of the U.S. and EMEA in terms of automation for processes involved in the management of firewall rules and security policy — the automation of these processes is least common in EMEA. And despite being hyped at shows and in the media, technologies such as artificial intelligence and machine learning are still in early days, with few organizations using AI/ML in production — just four percent of respondents in EMEA, nine percent in the U.S. and 27 percent in APAC.
In general, the report reveals that companies worldwide are continuing to struggle with network security management, especially as those networks are growing more complex and increasing in size. Surprisingly, most are only partially automating workflows and processes to help overcome these challenges — but they do see the value and are looking to automate more in the future.
“Many organizations have significant deficiencies with regard to their firewall and security management,” said Michael Osterman, Principal Analyst of Osterman Research. “Most realize that they need to improve the way they manage security and policy, and they also realize that automating workflows and processes is key to these improvements.”
Additional insights from the report include the following:
- Cutting costs, making better use of skilled employees and network size/complexity are top drivers for automation —but that varies by region. In EMEA, 61 percent of respondents said cost was the number one driver; 43 percent said it was in the U.S. Surprisingly, only 35 percent in APAC ranked costs as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43 percent), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40 percent). The U.S. and EMEA also cited the challenges of managing network size and complexity as a heavy driver (42 percent and 38 percent respectively).
- Better visibility and context are still needed. Organizations are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist: 37 percent in the U.S., 61 percent in EMEA and 47 percent in APAC said they had only “minimal or some understanding.” Even more surprising, respondents said they have only minimal or some understanding of how security changes impact their business: 49 percent in the U.S., 63 percent in EMEA and 39 percent in APAC. And it appears that identifying vulnerabilities continues to be a challenge, with 53 percent in the U.S., 63 percent in EMEA and 42 percent in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.
- Security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. The top things respondents said they spend a “substantial” amount of time on are: incident response triage/prioritization and compliance management for the U.S.; firewall configurations and out-of-process changes for EMEA; compliance management and security changes for APAC.
- Security teams need help, with most organizations admiting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organizations decommission applications: 72 percent of respondents in the U.S., 67 percent in EMEA and 54 percent in APAC say they do it “poorly or moderately. ”Security teams also need help pruning firewall rules so that rule sets do not become bloated, with 67 percent in the U.S., 78 percent in EMEA and 48 percent in APAC saying they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact.
- Automation is an impetus for cloud migration. It’s no surprise that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43 percent of organizations said cloud is impacting the automation of security policy changes. Survey results also show that the vast majority of organizations are working on initiatives focused on security automation to support cloud environments.
“The good news: security leaders have started on their automation journey,” said Sean Keef, Skybox Director of Product Marketing. “However, the results of this survey show us that many companies have a long way to go. It seems security leaders are still trying to understand where they’re going to get the most value out of automation, while also ensuring they’re not putting the organization at risk. There are many areas, however, where it is absolutely essential to implement automation — and, in fact, where the automation reduces risk. For example, collecting/gathering data for attack surface visibility and modeling, network change management and rule lifecycle management. Networks are simply becoming too large and complex to manage manually. If you’re not already working with a vendor in these areas, you should start looking for one.”