Purpose: The slides provide an overview on the I.T. Security trend
Content: Summary information about the I.T. Security marketplace, including trends drivers, spending trends, industry business cases, and adoption challenges. Also included are links to additional resources.
How To Use This Report: This report is best read/studied and used as a learning document. You may want to view the slides in slideshow mode so you can easily follow the links
Available on Slideshare: This presentation (and other Trend Reports for 2017) will be available publically on Slideshare at http://www.slideshare.net/horizonwatching
Please Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Developer Data Modeling Mistakes: From Postgres to NoSQL
IBM Security Trend Report Insights
1. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Welcome to the new era of cognitive security
Sonya Gordon, Market Development, Senior Advisor - IBM Security
Bill Chamberlin, Distinguished Market Intelligence Professional, MD&I HorizonWatch
February 15, 2017
Security Trend Report, 2017
2. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
About This Trend Report
15Feb2017
Purpose: The slides provide an overview on the I.T. Security trend
Content: Summary information about the I.T. Security marketplace, including
trends drivers, spending trends, industry business cases, and adoption
challenges. Also included are links to additional resources.
How To Use This Report: This report is best read/studied and used as a
learning document. You may want to view the slides in slideshow mode so you
can easily follow the links
Available on Slideshare: This presentation (and other Trend Reports for
2017) will be available publically on Slideshare at
http://www.slideshare.net/horizonwatching
Please Note: This report is based on internal IBM analysis and is not meant to
be a statement of direction by IBM nor is IBM committing to any particular
technology or solution.
2 Security Trend Report, 2017 (External Version)
3. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
An overview of the IT Security trend
Drivers Security Spending
Growth in endpoints from mobile to wearables to IoT
devices
Increased threats from malware, cybercrime, Phishing,
& bots
High profile security breaches are damaging brands
Rise of virtualization & cloud which separates data user
and data owner
Mobile employees want access anytime, anywhere
Increased focus on Corporate risk management,
governance, compliance.
Increased focus on identity services - trusted, privacy-
enabling, shared and easy-to-use identities
Inhibitors/Challenges
Security is a barrier to cloud adoption, mobile, and IoT
ROI is still not a true value of measurement of security
investment
Keeping up with BYO-everything
Increasing complexity of security environment
Skill gaps
Key Insights
15Feb20173
Implications
Increased pressure on the CISO role to
manage risk end-to-end across entire
organization and every endpoint, every
network connection
Increased need for skilled security
professionals and service providers
Compliance requires continued investment
IT must understand implications of key
trends such as cloud, mobility, social, big
data, IoT, etc.
Encryption behind the firewall becomes a
necessity
Biometrics continues to be an emerging
technology that can be embedded into
mobile solutions to enhance information
security
Cognitive computing applied to security is
an increasingly attractive solution
In today’s data-driven, highly distributed world, there are serious threats that must be addressed head-on.
New complexities and challenges are arising every day. Companies are looking for an integrated system of
analytics, real-time defenses and expert resources to defend networks, systems and data.
Security Trend Report, 2017 (External Version)
4. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Trends to watch within Security for 2017
“Worldwide revenues for security-related
hardware, software, and services will grow from
$73.7 billion in 2016 to $101.6 billion in 2020.
The largest category of investment will be
security-related services, which will account for
nearly 45% of all security spending worldwide ”
IDC
Market Trends
15Feb20174
Other views on 2017 Trends
• Fortune: Here's How Much Businesses
Worldwide Will Spend on Cybersecurity by 2020
• eWeek: 8 Predictions About How the Security
Industry Will Fare in 2017
• INC: How Cyber Criminals Will Weaponize the
Internet of Things in 2017
• NetworkWorld: 5 cybersecurity trends to watch
for 2017
• Information Age: 10 cyber security trends to look
out for in 2017
• O'Reilly: 4 trends in security data science for
2017
1. Increased Pressure on CISOs. IT security programs
are under more pressure than ever before. Corporate
Boards want to know that security risks are being
minimized and that programs are legally defensible.
2. Services in demand. Security services, especially
professional services, contribute the most revenue in
the market. Network security is a large segment and
Mobile enterprise management will generate the
strongest growth.
3. Focus turns to “Response and Remediation”. It’s
very difficult to prevent attacks so more focus is being
shifted towards post-attack analytic-powered solutions
that identify the attacks as they happen and minimize
the resulting damage.
4. Growth in SIEM, IAM, mobile security and
services. Expect increased demand for security
identity and event management (SIEM), Identity and
Access Management (IAM) as a Service and mobile
payment security in 2017.
“60% of enterprise information security budgets
will be allocated to rapid detection and response
approaches by 2020.” Gartner
Security Trend Report, 2017 (External Version)
5. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Trends to watch within Security for 2017 (continued)
“The intelligent digital mesh and related digital
technology platforms and application
architectures create an ever-more-complex
world for security. The IoT edge is a new
frontier for many IT security professionals
creating new vulnerability areas and often
requiring new remediation tools and processes
that must be factored into IoT platform efforts.”
Gartner
Market Trends
15Feb20175
5. Edge of IoT devices and apps create new
security revenue opportunities. The increased
security risk of IoT over pure IT systems remains
a key challenge for IoT implementations.
Enterprise look to consultants for help.
6. Enter cognitive security. Intelligent cognitive
solutions generate recommendations for
improved security in real time. As a result,
cognitive security will help address the current
skills gap, accelerate responses and help reduce
the cost and complexity of dealing with
cybercrime. Due to the increasing scale and
complexity of threats, cognitive research is
quickly intersecting with cybersecurity
7. Demand increases for SECaaS. Customers are
choosing cloud-based security services for
improved flexibility and scalability of security
functions. Expect interest in incident response
services (e.g., detection and remediation) and
SIEM as a Service in 2017.
IBM: Security Immune System (Infographic)
Security Trend Report, 2017 (External Version)
6. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Trends to watch within Security for 2017 (continued)
Market Trends
15Feb20176
8. Security Intelligence Event Management (SIEM):
Demand for SIEMs in 2017 will go beyond simple log
collection/correlation to include more advanced
analytics, such as behavioral analytics.
9. Identity Access Management (IAM). The
transformation to digital has accelerated the
requirement for IAM capabilities, including both
employee and consumer identity management as
well as an increased focus on identity management
for all devices and endpoints in the Internet of Things
(IoT)..
10. Mobile security: As mobility security services begin
to mature, more demand for blended managed and
hosted security mobility services. Success depends
on a combination of people, process, and technology
11. Managed Services. Enterprises increasingly expect
a flexible blend of managed and hosted security
services as well as varying levels of monitoring and
management for different areas of their business.
“The 2017 threats predictions run the
gamut, including threats around
ransomware, sophisticated hardware
and firmware attacks, attacks on “smart
home” IoT devices, the use of machine
learning to enhance social engineering
attacks, and an increase in cooperation
between industry and law enforcement.”-
Security Magazine
451 Research: 2017 Trends
in Information Security
CIO: 2017 Security Predictions
Security Trend Report, 2017 (External Version)
7. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Six emerging security solution trends to watch
1. Remote Browser: Isolates the browser from the rest of the
endpoint and from the corporate network, reducing the
potential damage of malware
2. Deception: The use of deceit and/or feints designed to throw
off an attacker and disrupt their automation tools, delay their
activities or disrupt breach progression.
3. Breach Simulation Tools: Use threat actors and a
understanding of the network to continuously assess
infrastructure and apps for potential to be breached
4. Hunting Techniques: Advanced analytics, machine learning
and technologies that allow data analysis and pivoting to seek
out incidents
5. Intelligent Security Operations Center (ISOC): Go beyond
events-based monitoring and traditional defenses. It has an
adaptive architecture and includes context-aware components
6. Cognitive Computing Security Technologies: Due to the
increasing scale and complexity of threats, cognitive research
is quickly intersecting with cybersecurity. Companies will look
to deploy analytics-driven, machine learning-based security
decision support systems and technologies.
“Built upon security intelligence, cognitive
solutions generate not just answers, but
hypotheses, evidence-based reasoning
and recommendations for improved
decision making in real time. As a result,
cognitive security will help address the
current skills gap, accelerate responses
and help reduce the cost and complexity
of dealing with cybercrime.” IBM
Market Trends
15Feb20177
IBM: The IBM Security Immune System (brief)
“When choosing the appropriate platform
for threat hunting, look at specific
elements of automation, how they
incorporate various data sources, and
their ability to identify and correlate
patterns and to fully investigate and
uncover adversary activity.” SANS
Security Trend Report, 2017 (External Version)
8. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Trends to watch within selected vertical industries
Market Trends
15Feb20178
• Retail. The significant and widely publicized breaches at large
retailers continue to raise awareness and demand for security
spending. Retailers put pressure on their OEM partners, including
point of sale (POS) manufacturers, and suppliers to invest in
security controls. In 2017, look also for an increased focus on
fraud solutions and PCI compliance activities.
• Healthcare. Healthcare is the #1 industry for records
compromised. Because medical records cannot be cancelled like
credit cards, they have a high value to cybercriminals. Breaches
against healthcare providers are frequently attributed to highly
organized, well-funded criminal organizations, compelling
healthcare companies to expand their advanced threat detection
projects. The focus in 2017 will be on data security and
compliance.
• Banking. The biggest security challenge for banking customers
is assessing the security capabilities of their third-party business
partners. Privacy, security and compliance when it comes to data
are the top concerns. To decrease risk of attacks that originate in
third parties’ infrastructures, banks will increase spending on
products and services that help them monitor the security
postures of third parties.
• Telco. Telecommunications operators are increasingly targeted
by hackers and hacktivists that aim to disrupt phone and Internet
service for millions of consumers and businesses. While most
operators have established strong security controls, they still face
significant risks in their supply chains, including partners’ security
infrastructure sourced from manufacturers in different countries.
“As the intersection of personalization,
privacy and security grows ever more
complex, the challenge for retailers to
protect their consumers’ sensitive
information from the standpoints of
both privacy and security intensifies.”-
IBM
Healthcare IT News: Top 10
cybersecurity must-haves for 2017
IBM: Security Trends in the Retail
Industry
Security Trend Report, 2017 (External Version)
9. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Staffing shortages, lack of analytics capability and
international security laws inhibit adoption
Security staffing shortages. Nearly two-thirds of
organizations worldwide report challenges hiring
skilled IT security professionals. Security staffing
shortages are especially pronounced in the U.S.,
where demand for security professionals will grow by
53% through 2018.
Lack of Analytics Capabilities. Many firms just are
not collecting and managing the data that would
allow them to perform the analytics that can help
them identify threats and then reduce the average
incident response and resolution time.
International privacy and data location
regulations. There are hundreds of different laws
around data collection, processing and transfer as
well as breach notification in different countries,
making it difficult for organizations to execute a
security strategy that will be acceptable in all
regions.
“Detection must be able to identify changing use
patterns; to execute complex analysis rapidly,
close to real time; to perform complex
correlations across a variety of data sources
ranging from server and application logs to
network events and user activities.” BI-Survey Big
Data Security Analytics: Infographic
Adoption Challenges
15Feb20179
TrustWave: 57% of IT Security Professionals
Struggle to Find Talent
CIO: 4 critical security challenges facing IoT
Security Trend Report, 2017 (External Version)
10. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Selected Analyst Information and Resources
Featured Links
15Feb201710
451 Research: Security
Forrester: Security Research
Frost & Sullivan: Cyber Security
Gartner: Digital Risk and Security
TBR: Security
IDC:
Security Products and Services
Security Research
Search for IDC Security
Gartner: Top Security Trends for 2016-2017
Forrester: WEBINAR: Dive Deeper Into The
Forrester Wave™: Digital Risk Monitoring, Q3 2016
Security Trend Report, 2017 (External Version)
11. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Selected Media Websites and Other Resources
CIO.com: Security
ComputerWorld: Security
eWeek: Security
IDG Enterprise: Security
InformationWeek: Dark Reading
InfoWorld: Security
Network World: Security Research Center
VentureBeat: Security
Wired: Security
15Feb201711
Reuters: CIA unveils new rules for collecting
information on Americans
Featured Links
InfoWorld: Security
“According to Forrester, 58 percent of breaches
are caused from internal incidents or with a
business partner’s organization. And 55 percent of
attacks are originated by an insider as cited in the
2015 IBM Cyber Security Intelligence Index.” CIO
How to eliminate insider threats
Security Trend Report, 2017 (External Version)
12. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Selected IT Vendor Websites & Resources
Accenture: Security Services
Amazon Web Services: Security and Compliance Center
Booz Allen: Cyber Solutions
Cisco: Security
Deloitte: Cyber Security Services
Google: Application Security
HP: Security
IBM: Security and Security Software and Chief
Information Security Officer
Microsoft: Security
Oracle: Security
PWC: Cybersecurity
RSA: Security
SAP: Security
Tata Consultancy Services: Security Services
VMware: Security
Wipro: Security
IBM: Security Redbooks
15Feb201712
“In a world where privacy has become
a competitive differentiator for multi-
national organizations, businesses
must increasingly work with their
general counsels and chief privacy
officers to understand global data
privacy requirements, implementing
controls that protect personal data
accordingly.”- Christopher Sherman,
Forrester Analyst
Featured Links
Security Trend Report, 2017 (External Version)
13. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
Selected Social Media Sites and Searches
Facebook Security page
Google Blog Search: Cybersecurity
Google+ Communities Search: Security
LinkedIn Group Search: Security
IBM IBM Security Intelligence
Pinterest Search: Information Security and
Cybersecurity
Slideshare: IT Security and Information Security
and Cybersecurity
Twitter: Search on hashtags: #security /
#cybersecurity / #infosec
YouTube:
Information Security Playlists / Channels
CyberSecurity Playlists / Channels
Wikipedia: Information Security and
CyberSecurity
Information Security playlists YouTube
15Feb201713
Featured Links
Security Trend Report, 2017 (External Version)
14. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
IBM Resources and Links
ibm.com links
• IBM Security: www.ibm.com/security/
• Cognitive Security
• Cloud Security
• Mobile Security
• Solutions
• Products
• Services
• News
• developerWorks: Security
• x-Force: X-Force
• IBM Redbooks: Security
IBM Social Media Platforms
• Social Aggregator: Security
• Community: IBM Security Intelligence
• Twitter: @ibmsecurity and @ibmxforce -
hashtags: #ibmsecurity and #infosec
• Blogs: Security Intelligence Blog / X-Force / CISO
Corner
• YouTube: IBM Security
• LinkedIn Group: IBM Security
15Feb201714
IBM: Step up to the Cognitive Era with
Watson for Cyber Security
“Cybersecurity is more than an IT concern,
it requires engagement from across the
business. However, many executives are
either unclear on the risks or not
sufficiently engaged in threat
management.” IBM: Cybersecurity perspectives
from the boardroom and C-suite
Featured Links
Security Trend Report, 2017 (External Version)
15. Note: This report is based on internal IBM analysis and is not meant to be a statement of direction by IBM nor is IBM committing to any particular technology or solution.
More Insights on Technology Trends are Available
15
Other slide decks in this 2017 Trend Report series have been posted to Slideshare
You are also invited to check out the following IBM websites and resources
– IBM Academy of Technology
– IBM Institute for Business Value
– IBM Research and Research News and 5 in 5
– IBM’s THINK blog
– IBM Think Academy on YouTube
15Feb2017 Security Trend Report, 2017 (External Version)