EMA Network Security Survey Findings (Sep 2016)

Ixia contracted Enterprise Management Associates (EMA), a market research firm in the technology space, to conduct professional, non-vendor biased research into the topic of network security practices and concerns. EMA recruited 242 qualified respondents employed as network and/or security professionals to survey during September 2016. The raw questions and responses are summarized here.

Enterprise Management Associates Network Security Findings, a survey conducted for Ixia

January 5, 2017

For an interpretation of these results, as they relate to network security architecture, visit: https://www.ixiacom.com/company/blog/network-security-survey-finds-areas-improvement-2017.

For more information about Ixia security solutions, visit: https://www.ixiacom.com/solutions/network-security.


EMA Network Security Survey Findings

Slide 2 © 2016 Enterprise Management Associates, Inc.

demo1: Which of the following best describes your role in the organization?

IT-related Administrator/Specialist: 0%
IT-related Systems …: 7%
IT-related Software Engineer/Developer: 10%
Infrastructure Engineer (network/systems): 5%
IT-related Consultant/Integrator: 4%
IT-related Architect: 1%
IT/Security Operations Staff: 10%
IT-related Business Analyst: 3%
IT-related Project/Program Manager: 4%
IT-related Manager/Supervisor (or equivalent): 9%
IT/Security Manager: 31%
IT-related Director (or equivalent): 16%
IT-related Vice President (or equivalent): 0%
CIO/CTO (IT Executive Management): 0%
CISO/CSO/Chief Risk or Compliance Officer: 0%
CEO/COO/CFO (Business Executive …: 0%
Corporate/Line of Business Vice President …: 0%
Corporate/Line of Business Director (or …: 0%
Corporate/Line of Business …: 0%
Corporate/Line of Business Staff: 0%
Other: 0%

Column %

Sample Size = 242

demo2: Which of the following best describes the department or functional area in which you work?

IT/IS/Network: 100%
Other: 0%

Column %

Sample Size = 242

demo3: You have indicated that your role and/or department is best described by IT/IS/Network. Within this area, which group do you belong to?

Applications Development: 0%
IT Operations Planning/Design: 27%
IT Financial Management: 0%
IT Architecture: 0%
Business Analysis: 0%
Project/Program Management: 0%
Operations - Network Operations Center …: 7%
Operations - Data Center: 7%
Security: 41%
Service Desk, Service Support, Help Desk: 2%
Cross-Domain Service Delivery Organization: 2%
Cross-Domain Support Organization for IT: 5%
Executive IT Management: 0%
Network Engineering/Planning: 7%
Other: 0%

Column %

Sample Size = 242

qual1: Does your organization use network visibility controllers (NVCs) to stream packets to network and security monitoring tools?

Yes, we currently use NVCs: 79%
Not currently, but we plan to deploy NVCs within the next 12 months: 21%
No, we have no plans to deploy NVCs within the next 12 months: 0%
Do not know: 0%

Column %

Sample Size = 242

qual2mr: At which stages are you involved with your organization's use of network visibility controllers (NVCs)?

Research and evaluate NVCs: 59%
Procure NVCs: 43%
Plan/deploy NVCs and/or the packet-based tools connected to them: 55%
Manage and maintain NVCs: 57%
Use network and security monitoring tools connected to NVCs: 64%
None of the above: 0%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 242, Valid Cases = 242, Total Mentions = 672

demo4: How many employees are in your company worldwide?

Fewer than 250: 0%
250 - 499: 13%
500 - 999: 23%
1,000 - 2,499: 20%
2,500 - 4,999: 12%
5,000 - 9,999: 16%
10,000 - 19,999: 6%
20,000 or more: 10%

Column %

Sample Size = 242

demo5: Which of the following best describes your company's primary industry?

Aerospace/Defense: 2%
Consulting - Computer or Networking Related: 3%
Consulting - All Other (Not Computer or …: 2%
Education: 7%
Finance/Banking/Insurance: 9%
Government: 2%
Healthcare/Medical/Pharmaceutical: 8%
High Technology - Software: 15%
High Technology - Reseller/VAR/Systems …: 0%
High Technology -…: 14%
Hospitality/Entertainment/Recreation/Travel: 1%
Legal: 1%
Manufacturing - Computer Hardware or …: 2%
Manufacturing - All Other (Not Computer …: 7%
Marketing/Advertising/PR Agency/Market …: 0%
Media/Publishing/Broadcasting: 0%
Non-Profit/Not for Profit: 0%
Oil/Gas/Chemicals: 0%
Professional Services - Computer or …: 7%
Professional Services - All Other (Not …: 2%
Retail/Wholesale/Distribution: 9%
Telecommunications: 2%
Transportation/Airlines/Trucking/Rail: 1%
Utilities/Energy: 2%
Other: 2%

Column %

Sample Size = 242

demo6: In which region is your corporate headquarters located?

North America: 100%
Central and South America (Latin America): 0%
Europe-Middle East-Africa (EMEA): 0%
Asia-Pacific (APAC): 0%
Rest of World: 0%

Column %

Sample Size = 242

demo7: In which region are you located?

North America: 96%
Central and South America (Latin America): 2%
Europe-Middle East-Africa (EMEA): 1%
Asia-Pacific (APAC): 0%
Rest of World: 0%

Column %

Sample Size = 242

demo8: What is your organization's annual sales revenue (in US dollars)?

Less than $1 million: 0%
$1 million to less than $5 million: 0%
$5 million to less than $20 million: 16%
$20 million to less than $100 million: 31%
$100 million to less than $1 billion: 28%
$1 billion or more: 20%
Not applicable, I work for a government or non-profit agency: 2%
Do not know: 2%

Column %

Sample Size = 242

demo9: What is your organization's annual IT budget (in US dollars)?

Less than $350,000: 1%
$350,000 to less than $1 million: 11%
$1 million to less than $5 million: 17%
$5 million to less than $10 million: 25%
$10 million to less than $25 million: 14%
$25 million to less than $50 million: 15%
$50 million to less than $100 million: 7%
$100 million or more: 7%
Do not know: 2%

Column %

Sample Size = 242

demo10: What was the percent increase or decrease of your organization's annual IT budget from last year to this year?

Increased more than 75%: 2%
Increased between 50% and 75%: 6%
Increased between 25% and 50%: 14%
Increased between 10% and 25%: 36%
Increased less than 10%: 24%
Stayed the same: 14%
Decreased less than 10%: 1%
Decreased between 10% and 25%: 1%
Decreased between 25% and 50%: 0%
Decreased between 50% and 75%: 0%
Decreased more than 75%: 0%
Do not know: 1%

Column %

Sample Size = 242

Inline Monitoring Questions

inline1: Which of the following best describes your current deployment of real-time inspection of live network traffic?

We deploy tools inline behind an external bypass switch: 33%
We deploy tools inline using the tool's internal bypass function: 40%
We deploy tools inline without a bypass: 16%
We are unsure or undecided about deploying tools inline: 8%
We have no plans to deploy tools inline: 3%
Do not know: 0%

Column %

Sample Size = 242

inline2mr: You indicated that you have not yet deployed inline security monitoring tools. What has prevented you from deploying inline security monitoring tools?

Inline tool failure could result in network outage: 15%
Overloaded tools could drop packets: 23%
Tools introduce latency: 23%
Too many false positives: 19%
Too expensive: 12%
Challenges of moving tools out of band: 23%
No cost-effective way to deploy tool with N+1 redundancy: 23%
Can't afford scheduled downtime for installation: 4%
Introduces too much network complexity: 27%
Other: 0%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 26, Valid Cases = 26, Total Mentions = 44

inline3mr: Aside from a stateful (Layer 4) firewall, what other inline security tools are deployed on your network?

Next-generation firewall (Layer 7 inspection): 38%
Intrusion prevention system (IPS): 44%
Web application firewall: 46%
Security intelligence event management …: 40%
Antimalware: 36%
Antivirus: 68%
Integrated threat intelligence feed: 29%
Honey pot: 14%
Data loss prevention (DLP): 54%
SSL decryption: 56%
Other: 0%
None: 0%
Do not know: 0%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 216, Valid Cases = 216, Total Mentions = 921

inline4: Approximately how many of your inline security monitoring tools are connected to a network visibility controller (NVC)?

Less than 10%: 3%
10% to 19%: 5%
20% to 29%: 12%
30% to 39%: 15%
40% to 49%: 9%
50% to 59%: 16%
60% to 69%: 11%
70% to 79%: 8%
80% to 89%: 10%
90% to 99%: 3%
100%: 4%
Do not know: 3%

Column %

Sample Size = 242

Out-of-Band Monitoring Questions

outband1mr: Which kinds of out-of-band tools (i.e., connected to TAPs, SPANs, and NVCs) are most important to you?

Troubleshooting/packet analyzers (e.g., packet "sniffers" or other analyzers): 31%
Intrusion detection/prevention: 47%
Data loss prevention: 55%
Application performance monitor: 20%
Network performance monitor: 50%
Data/packet recorder: 29%
Compliance monitor: 20%
VoIP/unified communications/video analyzers: 14%
Other: 0%
Do not know: 0%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 242, Valid Cases = 242, Total Mentions = 646

outband2: What percent of SPANs versus TAPs does your organization use for mirroring data to network visibility controllers and monitoring tools?

100% TAPs: 3%
76% to 99% TAPs: 11%
51% to 75% TAPs: 34%
50% TAPs and 50% SPANs: 27%
51% to 75% SPANs: 16%
75% to 99% SPANs: 5%
100% SPANs: 1%
Do not know: 4%

Column %

Sample Size = 242

outband3: What percentage of segments on your network are currently monitored by network and security monitoring tools?

1% to 20%: 2%
21% to 40%: 12%
41% to 60%: 31%
61% to 80%: 23%
81% to 99%: 19%
100%: 10%
Do not know: 2%

Column %

Sample Size = 242

outband3mr: Why doesn't your organization monitor 100% of its network segments?

Shortage of SPANs and TAPs: 35%
Not enough monitoring tools: 26%
Can't afford additional tools: 13%
Staff can't keep up: 23%
Tools don't provide the right capabilities: 24%
Current coverage is sufficient: 40%
Other: 2%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 211, Valid Cases = 211, Total Mentions = 345

outband4: How would you characterize the success of your organization's use of command-line interface (CLI) for configuring and administering traffic filters in your network visibility controllers?

No problems. We've got it under control.: 23%
Not bad. We get by pretty well with the occasional hiccup.: 50%
Somewhat difficult. We have a couple of experts on staff but it's a struggle.: 23%
Much too difficult. Our staff can't do it.: 3%
We don't use CLI.: 0%
Other: 0%

Column %

Sample Size = 242

outband5: Which of the following best describes the CPU utilization for all of your organization's packet-based security and monitoring tools (when considered as a whole)?

Less than 25% of capacity used: 6%
25% to 50% of capacity used: 26%
51% to 75% of capacity used: 38%
76% to 99% of capacity used: 21%
100% of capacity used: 6%
Capacity is overloaded: 0%
Do not know: 2%

Column %

Sample Size = 242

outband7: Which of the following best describes your organization's approach to monitoring 40 Gbps links?

Our tools fully support 40 Gbps line rate monitoring.: 31%
We monitor 40 Gbps traffic directly with 10 Gbps tools despite the risk of overload.: 26%
We load balance or filter 40 Gbps traffic flows so that we can monitor them sufficiently with 10 Gbps tools.: 28%
We do not monitor 40 Gbps links because we lack 40 Gbps tools.: 10%
Not applicable - we don't have 40 Gbps links on our network.: 5%
Do not know: 1%

Column %

Sample Size = 242

outband8: How many times per month do you change the location from which you mirror network traffic to your packet-based monitoring tools?

Never: 14%
1: 8%
2: 24%
3: 19%
4 - 5: 21%
6 - 10: 6%
More than 10: 3%
Do not know: 4%

Column %

Sample Size = 242

outband11: How important is it that your packet-based monitoring tools receive all the packets they need?

Very important: 78%
Somewhat important: 22%
Not important: 0%

Column %

Sample Size = 242

outband12: How confident are you that your out-of-band packet-based monitoring tools receive all the data they need for adequate visibility into your network?

Extremely confident: 22%
Confident: 48%
Somewhat confident: 26%
Neither confident nor unconfident: 2%
Somewhat unconfident: 1%
Unconfident: 0%
Extremely unconfident: 0%

Column %

Sample Size = 242

outband13mr: What are the most important benefits that your organization has experienced through its use of network visibility controllers?

Mean time to problem diagnosis reduced: 17%
Mean time to problem resolution reduced: 16%
Useful life of tools extended: 21%
New service delivery accelerated: 15%
IT productivity improved: 47%
High availability achieved: 27%
Collaboration within IT improved: 22%
Security incidents and breaches reduced: 40%
Service level agreement (SLA) performance …: 13%
Customer satisfaction improved: 22%
Network upgrades/expansions …: 19%
Other: 0%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 242, Valid Cases = 242, Total Mentions = 629

outband14c1: In the average work week, what percent of your time is spent on the following tasks? / Researching and responding to security incidents

100%: 4%
75% to 99%: 12%
50% to 74%: 22%
25% to 49%: 36%
1% to 24%: 23%
0% (not my role): 3%

Column %

Sample Size = 242

outband14c2: In the average work week, what percent of your time is spent on the following tasks? / Responding to network/application performance problems

100%: 3%
75% to 99%: 12%
50% to 74%: 26%
25% to 49%: 32%
1% to 24%: 25%
0% (not my role): 2%

Column %

Sample Size = 242

outband14c3: In the average work week, what percent of your time is spent on the following tasks? / Configuring monitoring tools

100%: 6%
75% to 99%: 13%
50% to 74%: 20%
25% to 49%: 28%
1% to 24%: 27%
0% (not my role): 6%

Column %

Sample Size = 242

outband15mr: Which packet manipulation features on a network visibility controller are the most important to your organization?

Load balancing across multiple tools: 19%
Media conversion (e.g., 40 Gbps to 10 Gbps): 21%
Data filtering: 29%
SSL decryption: 33%
Data masking: 22%
Deduplication: 11%
Time stamping: 17%
Tunneling: 11%
Port tagging: 11%
Header stripping (de-encapsulation): 7%
Packet slicing: 16%
Ultra-low latency: 17%
High availability through full synchronization: 25%
Deep packet inspection: 17%
User-defined filtering: 11%

% Valid Cases (Mentions / Valid Cases)

Sample Size = 242, Valid Cases = 242, Total Mentions = 644