The Forrester New Wave™: Zero Trust Network Access, Q3 2021

Summary

Security professionals can use this report to select the right partner for their Zero Trust network access.

ZTNA Evaluation Overview

The Forrester New Wave™ differs from our traditional Forrester Wave™. In the Forrester New Wave evaluation, we assess only emerging technologies, and we base our analysis on a 10-criterion survey and a 2-hour briefing with each evaluated vendor. We group the 10 criteria into current offering and strategy (see Figure 1). We also review market presence.
We included 15 vendors in this assessment: Akamai Technologies, Appgate, Cisco, Citrix, Cloudflare, Google, Juniper Networks, Netskope, Palo Alto Networks, Perimeter 81, Proofpoint, Tencent Security, VMware, Wandera, and Zscaler (see Figures 2 and 3). Each of these vendors has:

  • A proprietary Zero Trust network access product or service. We included vendors that demonstrate Zero Trust principles for on-premises application access by a remote workforce. We included vendors whose products and services actively replace VPN infrastructure.
  • Annual ZTNA revenues of at least $5 million. We included vendors with at least $5 million annual ZTNA revenues in the 12 months ending on the cutoff date.
  • At least 150 ZTNA customers and a global presence. We included vendors that have an install base of at least 150 active ZTNA customer organizations in production, with at least 10% of revenue outside the organization’s home region (NA, LATAM, APAC, or EMEA).
  • At least 100 full-time employees. We included vendors with at least 100 full-time employees to better compare customer support, go-to-market, and ability to support strategic initiatives.
  • An unaided mindshare within the industry. The vendors we evaluated are frequently mentioned in Forrester client inquiries, vendor selection RFPs, shortlists, consulting projects, and case studies. These vendors are also mentioned by other vendors during Forrester briefings as viable and formidable competitors.

Read the full report to find out how to evaluate ZTNA solutions to best suit your remote and hybrid workforce security needs. It covers:

    • Forrester’s evaluation criteria for ZTNA vendors
    • Strengths and factors to consider when mapping out your long-term workforce security needs


2021 State of Security Operations by Forrester

Executive Summary

To stop modern attacks, organizations need more integration, more visibility and more automation — analysts are struggling to keep up with the immense volume of alerts that they receive every day. Today, analysts report that they struggle to triage and investigate threats quickly, with manual processes slowing down alert triage for a striking 74% of the survey participants. Because teams face a deluge of security alerts — 11,047 alerts a day on average — many teams ignore low-priority alerts, leaving over a quarter of alerts completely untouched.

Worse yet, almost two-thirds of security teams still rely on legacy endpoint security solutions, like antivirus tools and endpoint protection platforms, which limit their ability to gather rich endpoint data for detection, investigation, and response. Security operations decision-makers recognize that they must further embrace automation to relieve their analysts and let them focus on more strategic work rather than day-to-day tactical management. Many organizations have begun to enlist automation to assist with pieces of the security workflow, and are working to increase their level of automation over the next two years.

Palo Alto Networks commissioned Forrester Consulting to explore today’s cybersecurity challenges and opportunities. Forrester conducted an online survey with 418 global security operations decision-makers who have responsibility over detection and response purchasing to understand the state of current security operations. We found that while few organizations have reached SOC maturity, 70% of respondents have begun their automation journey and 44% expect to use more automation in the next one to two years.

KEY FINDINGS

  • Security operations teams are still struggling to address the high volume of alerts. Less than half of decision-makers note that their organization is able to address most or all of the alerts they receive in a day. Teams struggle to quickly triage and investigate threats; and because they face a deluge of security alerts, many teams are forced to ignore low-priority alerts, leaving organizations vulnerable.
  • Almost half of all firms report struggling to hire and retain qualified staff. Because so much of threat detection, investigation, and response is still done manually, security operations teams are dealing with high rates of analyst burnout. Many teams are beginning to automate pieces of their workflows to alleviate this.
  • Nearly three-quarters of decision-makers have begun their SOC automation journey. With full SOC automation being a long-term goal, 70% of surveyed organizations have begun their automation journey, and 44% expect to be using more automation in the next one to two years. Those who have adopted more automation report having a happier security operations team and a lower likelihood of technical challenges, such as poor visibility into security tools and a lack of tool integration.

[Translated from Vietnamese]

Forrester has released The 2021 State of Security Operations report, which provides in-depth insight into Security Operations Center (SOC) automation trends and offers key recommended steps that security leaders can apply immediately to raise their security maturity in the near term.

Forrester conducted a global online survey of 418 security operations decision-makers responsible for detection and response purchasing decisions to understand the current state of security operations worldwide. Forrester found that while some organizations are able to reach SOC maturity, 70% of respondents said they had just begun their automation journey and 44% expect to use more automation in the next one to two years.

Key findings from the survey include:

– Security operations teams are still struggling to handle the excessive volume of alerts
– Nearly half of the surveyed organizations are still struggling to recruit and retain qualified staff
– Nearly three-quarters of decision-makers have begun the journey of automating their Security Operations Center (SOC)
– Only a few organizations are confident in their ability to defend against today's attacks
– Security operations (SecOps) teams face an average of 10,000 alerts per day

2021 Gartner Market Guide for Cloud Workload Protection Platforms

Workload protection must span virtual machines, containers and serverless workloads in public and private clouds. Security and risk management leaders should use this Market Guide to understand the need for protection that spans development and runtime and includes cloud security posture management.

Key Findings

This document was revised on 27 July 2021. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.

  • Most enterprises are purposefully using more than one public cloud infrastructure as a service (IaaS) platform, but still have on-premises workloads to protect.
  • With cloud-native applications, workload security must start proactively during development.
  • The cloud workload protection platform (CWPP) market is increasingly overlapping with the cloud security posture management (CSPM) market and “shifting left” into development to address the full life cycle of cloud-native application protection requirements.
  • Emerging approaches, such as the use of agentless CWPPs, appeal to buyers because of their ease of deployment.
  • Enterprises using endpoint protection platform (EPP) offerings designed to protect end-user devices for server workload protection are putting their data and applications at risk.

Recommendations

Security and risk management leaders responsible for infrastructure security should:
  • Implement a CWPP offering that protects workloads regardless of location, size, runtime duration or application architecture.
  • Secure workloads earlier by extending workload scanning and compliance efforts into development (DevSecOps), especially for container-based and serverless function platform as a service (PaaS)-based development and deployment.
  • Consolidate CWPP and CSPM strategies over the next 12 to 24 months to reduce costs and complexity and identify risks better.
  • Design for CWPP scenarios where runtime agents cannot be used or no longer make sense. Require CWPP and CSPM vendors to support agentless deployment options.


2021 Gartner Strategic Roadmap for SASE Convergence

Digitalization, work from anywhere and cloud-based computing have accelerated cloud-delivered SASE offerings to enable anywhere, anytime access from any device. Security and risk management leaders should build a migration plan from legacy perimeter and hardware-based offerings to a SASE model.

Key Findings

  • To protect anywhere, anytime access to digital capabilities, security must become software-defined and cloud-delivered, forcing changes in security architecture and vendor selection.
  • Perimeter-based approaches to securing anywhere, anytime access have resulted in a patchwork of vendors, policies, and consoles, creating complexity for security administrators and users.
  • Enterprises that consider existing skill sets, vendors, products, and the timing of hardware refresh cycles as migration factors will reduce their secure access service edge (SASE) adoption time frame by half.
  • Branch office transformation projects (including software-defined WAN [SD-WAN], MPLS offload, internet-only branch and associated cost savings) are increasingly part of the SASE project scope.
  • SASE is a pragmatic and compelling model that can be partially or fully implemented today.

Recommendations

Security and risk management leaders responsible for infrastructure security should develop a roadmap for the adoption of SASE capabilities and offerings:
Short term:
  • Deploy zero trust network access (ZTNA) to augment or replace legacy VPN for remote users, especially for high-risk use cases.
  • Inventory equipment and contracts to implement a multiyear phase out of on-premises perimeter and branch hardware in favor of cloud-based delivery of SASE capabilities.
  • Consolidate vendors and cut complexity and costs as contracts renew for secure web gateways (SWGs), cloud access security brokers (CASBs) and VPN. Leverage the converged market that is emerging to combine these security edge services.
  • Actively engage with initiatives for branch office transformation and MPLS offload in order to integrate cloud-based security edge services into the scope of project planning.
Longer term:
  • Consolidate SASE offerings to a single vendor or two explicitly partnered vendors.
  • Implement ZTNA for all users regardless of location, including when in the office or branch.
  • Choose SASE offerings that allow control of where inspection takes place, how traffic is routed, what is logged, and where logs are stored to meet privacy and compliance requirements.
  • Create a dedicated team of security and networking experts with a shared responsibility for secure access engineering spanning on-premises, remote workers, branch offices and edge locations.
