Most security professionals believe that they have adequate solutions on
hand and that their security infrastructures are up to date. However,
according to our study, this confidence comes with some uncertainty.
These professionals are not always sure they can muster the budgets and
brainpower to truly take advantage of the technology they have.
Threats
to organizations are coming from every direction. Adversaries are
nimble and creative, and they’re able to outfox defenses. Even in this
sobering environment, the majority of security professionals feel
confident that their security infrastructure is up to date, although
that confidence appears to be waning a bit from previous years. In 2016,
58 percent of the respondents said their security infrastructure is
very up to date and is constantly upgraded with the latest technologies.
Thirty-seven percent said they replace or upgrade their security
technologies on a regular basis but aren’t equipped with the
latest-and-greatest tools (
Figure 44).
In
addition, more than two-thirds of security professionals perceive their
security tools as very effective or extremely effective. For example,
74 percent believe their tools are very or extremely effective in
blocking known security threats, while 71 percent believe their tools
are effective at detecting network anomalies and dynamically defending
against shifts in adaptive threats (
Figure 45).
The
problem: Confidence in tools does not necessarily transfer to effective
security. As the study indicates, security departments are wrestling
with complicated tools from many vendors, as well as a lack of in-house
talent. This boils down to an “intent versus reality” problem. Security
professionals want simple, effective security tools, but they don’t have
the integrated approach they need to make this vision happen.
