Many organizations have turned to strengthening conventional network security “point solution” approaches to protect against threats. In 2012, organizations allocated about 24% of their overall IT security budget toward network security and 42% of firms indicated that they expected to increase budget for network security for 2013.
The majority of this network security investment is allocated to wireless security and intrusion prevention systems (IPS). In fact, 27% of organizations are planning to invest in the notoriously difficult-to-implement network access control in the coming year. However, investment strategies that put significant focus on these types of conventional technologies will do little to prevent or minimize the impact of targeted attacks.
“If organizations want to protect intellectual property and shareholder value, they must adopt advanced threat detection and response solutions that identify malicious activity quickly and enable earlier mitigation of targeted attacks,” said Sharda Tickoo, PMM, Trend Micro India.
The lack of focus on security technologies that truly combat targeted attacks is matched by the false sense of security organizations have in their ability to deal with these attacks. A large majority (77%) of IT security decision makers are confident in their organization’s ability to thwart targeted threats today.
In fact, these decision-makers claim to be almost as adept at defending against targeted attacks as they are at detecting commodity attacks. Additional Forrester survey data reveals that in the past year, 55% of organizations surveyed claim to have had no compromises or breaches. In reality, many of these organizations have been compromised but simply don’t have the technology available to detect the malicious activity. As a result, enterprises overestimate their abilities.
Targeted Attacks Require Advanced Threat Detection and Response
For this technology adoption profile, Trend Micro commissioned Forrester Consulting to create a custom survey that explored key needs for network security and security operations in enterprises in the current market.
Confidence — rightly or wrongly placed — in current security capabilities isn’t enough for targeted threats, and mature security organizations will recognize this fact. Targeted threat detection and response isn’t a single point solution product or technology but rather a combination of technologies and competencies that integrate into a company’s security strategy.