Cybersecurity management company Skybox Security has released the results of a global survey conducted by Osterman Research, Understanding Security Processes and the Need to Automate.
The survey, which includes responses from 465 senior security leaders at large enterprises in the US, EMEA and APAC, reveals trends in the use of security automation, as well as artificial intelligence (AI) and machine learning (ML).
Survey questions focused on workflows in firewall and security policy management and vulnerability management.
The research found that APAC is ahead of the US and EMEA in terms of automation for processes involved in the management of firewall rules and security policy — the automation of these processes is least common in EMEA.
Despite being hyped in the media, technologies such as artificial intelligence and machine learning are still in early days, with few organisations using AI/ML in production — just four percent of respondents in EMEA, nine percent in the US and 27% in APAC.
In general, the report reveals that companies worldwide are continuing to struggle with network security management, especially as those networks are growing more complex and increasing in size.
Surprisingly, most are only partially automating workflows and processes to help overcome these challenges — but they do see the value and are looking to automate more in the future.
Osterman Research principal analyst Michael Osterman says, “Many organisations have significant deficiencies with regard to their firewall and security management.”
Additional insights from the report include the following:
- Cutting costs, making better use of skilled employees and network size/complexity are top drivers for automation — but that varies by region. In EMEA, 61% of respondents said cost was the number one driver; 43% said it was in the US. Surprisingly, only 35% in APAC ranked costs as the key driver for automation. They instead ranked the difficulty of managing the size and complexity of their network as the primary reason (43%), as well as being able to move skilled staff off mundane activities to higher value/skill security tasks (40%). The US and EMEA also cited the challenges of managing network size and complexity as a heavy driver (42% and 38% respectively).
- Better visibility and context are still needed. Organisations are still deficient in understanding network context and having visibility of firewall and security policy, including why firewall rules exist: 37% in the US, 61% in EMEA and 47% in APAC said they had only “minimal or some understanding.” Even more surprising, respondents said they have only minimal or some understanding of how security changes impact their business: 49% in the US, 63% in EMEA and 39% in APAC. And it appears that identifying vulnerabilities continues to be a challenge, with 53% in the US, 63% in EMEA and 42% in APAC having only minimal or some understanding of what vulnerabilities exist on network devices.
- Security staff are bogged down with incident response processes, compliance management and making changes to the security infrastructure. The top things respondents said they spend a “substantial” amount of time on are incident response triage/prioritisation and compliance management for the US; firewall configurations and out-of-process changes for EMEA; compliance management and security changes for APAC.
- Security teams need help, with most organisations admitting they need to make major improvements in how they manage security and policy. The biggest improvements are needed in how organisations decommission applications: 72% of respondents in the US, 67% in EMEA and 54% in APAC say they do it “poorly or moderately.” Security teams also need help pruning firewall rules so that rulesets do not become bloated, with 67% in the U.S., 78% in EMEA and 48% in APAC saying they do it “poorly or moderately.” Ironically, these are areas where automation can make a huge impact.
- Automation is an impetus for cloud migration. It’s no surprise that for many companies, migration to the cloud is having a significant impact on the automation of security policy changes. This is most notable in APAC where 43% of organisations said cloud is impacting the automation of security policy changes. Survey results also show that the vast majority of organisations are working on initiatives focused on security automation to support cloud environments.