451 Global Digital Infrastructure Alliance Report

January 2016

Information Security Trends:

Latest 451 Alliance Survey Looks at Top Security Threats
Along with a Close-up Look at SIEM Adoption
About This Report
A September survey of 910 members of the 451 Global Digital Infrastructure Alliance looked
at key information security trends and challenges, including overall security spending. The
survey also focused on Security Information and Event Management (SIEM) one of the
leading technologies going forward in terms of planned deployments.
IT Security Spending Has Momentum. A robust 45% of respondents expect their
organizations IT security spending to increase over the next 90 days up 8 points since the
previous survey in June. Only 4% say spending will decrease.
Top Security Concerns. Hackers/Crackers with Malicious Intent (41.5%) ranks as the top
security concern among IT security professionals. Compliance Requirements (37.9%) comes
in second, followed by Industry Specific Compliance (34.3%).
Top Threats Going Forward. Hackers/Crackers with Malicious Intent (21.5%) also tops the
list of leading security threats that companies need to address going forward. Preventing/
Detecting Insider Espionage (17.9%) and Cyber-warfare (11.7%) are other top threats.
Security Information and Event Management (SIEM) Vendors. The number one SIEM
vendor is Splunk (33%), with IBM (19%) and HP (19%) tied for second. Splunk also received
the highest very satisfied rating (54%) from users.

Overall IT Security Spending

A robust 45% of respondents expect their organizations IT security spending to increase
over the next 90 days, up 8 points from the previous survey in June 2015. Another 4% say
spending will decrease unchanged from previously.

IT Security Spending Plans

How would you describe your organizations spending plans for
overall information security over the next 90 days?
59%

60%

51%
45%

40%

Previous Survey (Jun 2015)

Current Survey (Sep 2015)

37%

20%
4%

4%

0%
Increase
2015 451 Research, LLC.

No Change

Decrease

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.

Security spending growth is greater among large and midsized organizations than
smaller ones (<250 employees).
How would you describe your organizations spending plans for overall
information security over the next 90 days?

Increase

< 250
employees
34%

250-1000
employees
46%

> 1000
employees
48%

Decrease

6%

4%

4%

No Change

61%

50%

48%

In terms of industry verticals, the spending increase is most pronounced in the healthcare
and retail industries. That is not surprising, given recent well-publicized data breaches for
companies in these industries (e.g., BlueCross BlueShield, Anthem, CVS).
Data Breaches Effect on Security Spending
The survey took a closer look at how security spending is being affected by recent headlines
on data breaches, along with reports that government regulatory authorities will be targeting
breached companies that fail to close known vulnerabilities.
A total of 31% said this is causing an increase in their spending for security (6% Significant
Increase; 25% Slight).
How are recent headlines on data breaches, and news that government
regulatory authorities will go after companies who are breached and did
not close known vulnerabilities, affecting your security spend over the
next 90 days?
Significant Increase

6%

Slight Increase

25%

No Change

68%

Slight Decrease

1%

Significant Decrease

0%

Security Budgets vs. Overall IT Budgets

More than half (57%) of organizations include information security as part of their overall IT
budget. But such an all-encompassing budget method calls into question the security
managers ability to accurately track their investment and conduct cost-benefit analyses.

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
2

Info Security Budget vs. Overall IT Budget

How would you broadly categorize your budgeting for
information security?
Dont have separate budget for
info security, it's part of IT budget

57%

Include people and cost of tools directly

attributable to info security in security budget

22%

Include both people and cost of all tools

related to info security in security budget

17%

Include only people resources

in info security budget

3%

Other
2015 451 Research, LLC.

2%
0%

20%

40%

60%

According to 451 Research security analyst Daniel Kennedy, Not being able to separate
information security as a discipline from overall information technology can create a conflict of
interest between the overall goals of IT versus those of security.
We note that the survey shows 39% of respondents saying their company has a dedicated
information security budget with 17% containing everything security related and 22%
containing resources directly attributed to security.

Top Security Concerns and Challenges

Respondents were asked about their top information security concerns over the past 90 days,
and 42% said it was Hackers/Crackers with Malicious Intent. Also ranking high on the list:
Compliance Requirements (38%) and Industry Specific Compliance (34%).

Top Info Security Concerns - Last 90 Days

What have been your top information security
concerns over the last 90 days?
Hackers/Crackers with Malicious Intent
Compliance Requirements (Due Care)
Industry Specific Compliance
Internal Audit Deficiencies Based on Findings
Government Regulatory/Legal Compliance
Comply with Customer/Client Requirements
Preventing/Detecting Insider Espionage
Cyber-warfare
Comply with Partner/Supplier Requirements
Performance Degradation Due to Compliance
Risk of Lawsuit Due to Poor Security Controls
Other
2015 451 Research, LLC.

42%
38%
34%
31%
28%
26%
18%
17%
16%
11%
10%
4%
0%

25%

50%

Looking ahead, Hackers/Crackers with Malicious Intent (22%) remains the top security threat
that respondents believe is inadequately covered by their organization and worries them
going forward. Preventing/Detecting Insider Espionage (18%) and Cyber-warfare (12%) are
additional key worries.
This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
3

Top Security Threats Going Forward

Which information security threat do you think is inadequately
covered today by your organization that worries you most going
forward?
Hackers/Crackers with Malicious Intent
Preventing/Detecting Insider Espionage
Cyber-warfare
Internal Audit Deficiencies Based on Findings
Industry Specific Compliance
Compliance Requirements
Comply with Customer/Client Requirements
Performance Degradation Due to Compliance
Risk of Lawsuit Due to Poor Security Controls
Government Regulatory/Legal Compliance
Comply with Partner/Supplier Requirements
Other

2015 451 Research, LLC.

22%
18%
12%
7%
7%
6%
6%
6%
4%
3%
3%
6%

0%

5%

10%

15%

20%

25%

Internal IT Security Pain Points

User Behavior (14%) is the leading internal IT security pain point, followed by Organizational
Politics/Lack of Attention to Information Security (11%).

Top Internal Security Pain Points

What do you consider your top internal information security
pain point within your organization for the last 90 days?
User Behavior
Politics/Lack of Attention to Security
Compliance Related Requirements
Staffing Information Security
Malicious Software (Malware)
Security Awareness Training
Lack of Budget
Vulnerability Management
Data Loss/Theft
Endpoint Security
Accurate Monitoring of Security Events
Application Security
Mobile Device Security
Cloud Security
Keeping Up with New Technology
Other
2015 451 Research, LLC.

14%
11%
9%
8%
6%
6%
5%
5%
5%
4%
4%
4%
3%
3%
3%
11%

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
4

Security Information and Event Management (SIEM)

Security Information and Event Management (SIEM) solutions act as a central repository for
security events, along with the gathering and analyzing of information from a wide array of
systems, and utilizing threat intelligence to identify potential security problems. SIEM also has
a reputation for complexity, with systems historically being difficult to set up and maintain.
The previous 451 Alliance security survey in June found Security Information and Event
Management (SIEM) was the leading technology in terms of planned deployments over the
next 12 months.
Which of the following security technologies does your organization
plan to begin using over the next 90 days?
Security Information and Event Management (SIEM)

18%

Mobile Device Management (MDM) Enterprise Mobility Management

17%

Vulnerability Assessment

13%

Dynamic and/or Static Application Security Tools (DAST/SAST)

11%

Intrusion Detection/Prevention Systems (IDS/IPS)

10%

None of the Above

50%

A Closer Look at SIEM

In the current survey, better than one in two respondents (56%) say their organization already
has a SIEM solution deployed. Looking ahead, another 21% plan to deploy a SIEM solution
over the next 12 months.
SIEM solutions are more commonly used in large organizations of more than 1,000
employees (66%). Only 36% of small organizations (<250 employees) are currently using a
SIEM solution.
SIEM originated in compliance and auditing, but the survey shows SIEM has transcended its
origins. An overwhelming 92% of SIEM users say they would still have a SIEM solution in
place even if no compliance requirement existed.
Managing and Monitoring SIEM Operations and Alerts
Respondents were asked about how their company manages and monitors SIEM systems,
and the results reinforce the perception that SIEM solutions are complex.
A total of 57% of SIEM users say their company assigns multiple security professionals to
their SIEM, while only 15% manage and monitor the SIEM with a single employee. Another
14% depend on a third party to manage SIEM.

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
5

Operations Management of SIEM

How are security operations and alerts for the security
information and event management (SIEM) handled at your
organization?
Multiple security professionals
manage and monitor our SIEM

57%

One security professional

manages and monitors our SIEM

15%

We depend on an external vendor/managed

provider for our SIEM management

14%

SIEM is primarily for forensics/incident

response and is not actively monitored

12%

Other

2%
0%

2015 451 Research, LLC.

20%

40%

60%

The complexity of SIEM operations means it can take months or even years for the full
benefits of SIEM to be realized. Indeed, only 32% of respondents believe their company is
achieving greater than 80% utilization of their SIEM installation.
Nearly the same percentage (29%) say they are currently operating at less than 40% of the
efficacy they expected to get from installing their SIEM.
SIEM Inhibitors
We asked respondents about the primary inhibitors to adopting or fully utilizing a SIEM
solution. Lack of Staff Expertise (44%) ranks as the biggest inhibitor, with Inadequate
Staffing (28%) second, followed by Solution Complexity (25%).
SIEM Vendors
Respondents were asked which vendors theyre using for their SIEM solution. A third (33%)
report they are using Splunk, with IBM and HP tied for second (19%).

SIEM Vendors in Use

Which of the following vendor(s) is your organization currently
using for Security Information and Event Management (SIEM)?
Splunk
IBM
HP
SolarWinds
Symantec
Intel (McAfee)
Open Source
EMC (RSA)
LogRhythm
AlienVault
Micro Focus (NetIQ)
Trustwave
EIQ Networks
Other

33%
19%
19%
17%
17%
16%
14%
13%
10%
6%
4%
3%
1%
15%

2015 451 Research, LLC.

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
6

SIEM Vendor Satisfaction

Overall satisfaction with SIEM products appears strong, with 43% of respondents saying
theyre very satisfied and 50% somewhat satisfied.
In terms of the top three vendors, Splunk (54%) received the highest very satisfied rating.
IBM (39%) came in second, followed by HP (29%).

Customer Satisfaction by Vendor

Overall, how satisfied are you with your vendor? Please use a
0-10 scale where 0 is 'Not at All Satisfied' and 10 is 'Extremely
Satisfied.'
Splunk

IBM

HP

54%

39%

29%

Very Satisfied (8-10)

44%

52%

1%

9%

65%

Somewhat Satisfied (4-7)

6%

Unsatisfied (0-3)

2015 451 Research, LLC.

Likelihood of Switching SIEM Vendors. A total of 12% of respondents report their

organization is very likely to switch vendors over the next year. Another 30% say they are
somewhat likely, while three in five (59%) say they are unlikely to switch.
Reason for Switching SIEM Vendors. Among SIEM users who have switched or plan to
switch vendors, Cost (18%) is cited as the primary reason, followed by Lack of Features/
Functionality (14%) and Product Usability (13%).

This information is from 451 Research, and contains confidential business information.
It may not be copied or distributed without permission. 2015 451 Research, LLC. All rights reserved.
7