Cybersecurity & Networking

  • The Impact of XDR in the Modern SOC

    This Master Survey Results presentation focuses on the extension of EDR, NDR, and other security analytics solutions in support of broad threat detection and response programs via emerging XDR technology solutions.

  • XDR is Coming, CISOs Need to Prepare Accordingly

    Beyond threat detection and response, CISOs should think of XDR as a catalyst for modernizing the SOC, automating processes, and improving staff productivity.

    According to Enterprise Strategy Group research, enterprise organizations claim that improving detection of advanced cyber-threats is their highest priority for security operations. As a result, 83% of organizations will increase threat detection and response spending over the next 12 to 18 months.

    This is no surprise—threat detection and response is always a high priority. Unfortunately, the data reveals something else. Despite spending millions of dollars on cybersecurity technology over the past few years, most organizations still can’t detect or respond to cyber-attacks in a reasonable timeframe. It’s also fair to say that things are getting worse—just ask any organization using SolarWinds for network monitoring.

    Recognizing the need for better mousetraps, the security technology industry is proposing eXtended Detection and Response (XDR) as a possible solution. I posted a blog about XDR last June where I defined the term and speculated on how the market would develop. As I suspected at the time, XDR innovation has steadily progressed, and I expect big things from the supply side for the remainder of the year.

    To be clear, XDR is still an emerging technology, not a panacea. Nevertheless, there’s a lot of industry innovation and investment going into XDR, and it may help organizations bolster security analytics efficacy, streamline security operations, and anchor their SOCs with a tightly integrated security operations and analytics platform architecture (SOAPA).

    Given its potential, organizations should have a game plan for XDR in 2021. I suggest that CISOs do the following:

    1. Cast a wide net with lots of upfront research. Only 24% of security professionals claim they are “very familiar” with XDR, which is understandable due to new technology and lots of confusing marketing. Given this knowledge gap, the first thing organizations should do is learn about all types of XDR: Platform-based (i.e., multiple controls with analytics and a control plane), software only (i.e., a software layer on top of existing controls), open XDR, etc. This will help the SOC team decide on a strategy where XDR can supplement or replace existing tools and processes. As a consolidation architecture, it’s likely that many existing and trusted vendors will be pitching XDR as an outgrowth of their EDR, NDR, or security analytics technology. At this early stage, CISOs should invite strategic security technology partners in to educate the security team on XDR and outline their product roadmaps. This should get the team up to speed and help them start to craft an XDR strategy.
    2. Identify organizational weaknesses and blind spots. Before moving forward with yet another threat detection and response technology, it’s worth digging into existing tools and processes to see what’s working and what’s not. Is the SOC team fully utilizing EDR, NDR, and SIEM, or is there a skills or resource gap? Are there process bottlenecks that slow mean time to detect/mean time to respond to threats that have nothing to do with technology? If either of these things is true, SOAR and professional services may make more sense than another analytics tool. Since modern cyber-threats move laterally across networks, it’s also worth investigating whether the organization has any weaknesses or blind spots when it comes to security monitoring. For example, ESG research pointed to security monitoring weaknesses related to public cloud infrastructure. In cases like this, XDR should start by improving cloud security visibility and integrating cloud security analytics with existing EDR, NDR, threat intelligence, etc.
    3. Pick a starting point for project planning. XDR is an architecture, not a product, so it may take a few years to fully deploy and configure XDR. That said, you must start somewhere. Based on the previous point, it’s not surprising that 43% of survey respondents speculated that their organization would start a project by implementing an XDR solution with threat detection and response capabilities for cloud-based workloads and SaaS. This is a reasonable starting point, but XDR technology can evolve from tactical to strategic coverage. Regardless of where an organization starts an XDR deployment, the security team must look forward, identify points of integration, map out engineering projects, and define a set of metrics it will use to measure XDR and project effectiveness.
    4. Use XDR to establish security operations best practices. Security operations are haphazard at many organizations, featuring many manual processes and constant firefighting. Some SOC teams use SOAR to help them out of this mess, but SOAR platforms require staff resources and skills to create playbooks and code orchestration routines. XDR will likely act as a poor man’s SOAR by “canning” a lot of common security processes, which should be fine for most organizations. Some XDR platforms can also help organizations operationalize the MITRE ATT&CK framework—a big step forward. In selecting an XDR solution, CISOs should evaluate how each vendor supports and promotes security operations best practices and how well their organization can adapt to these changes.
    5. Get the IT operations team involved. Incident response requires strong collaboration and cooperation between security and IT teams. To support and improve the team effort, XDR platforms should adapt to existing process handoffs and integrate with existing security operations tools like ServiceNow, Jira, Microsoft OMS, etc. In other words, XDR projects should improve rather than disrupt existing data analysis, case management, incident prioritization, and mitigation efforts.

    Cybersecurity tends to suffer from what I call “shiny object syndrome.” A new technology comes along, and the industry goes gaga. When organizations flock to these new tools, however, they don’t take the time to fully learn the technologies or modify security operations to achieve the maximum benefit. XDR is an architecture that will take months or years to fully deploy, giving organizations time to do things right. Therefore, CISOs should amalgamate XDR into formal projects and future strategies. In this way, XDR can act as a cybersecurity force multiplier, not just the next buzzworthy topic at RSA and Black Hat.

    BTW: I’m excited about our new XDR research, so look for more blogs on this topic soon.

  • The global pandemic significantly impacted organizations last year in many different ways. The biggest was undoubtedly the swift transition to work-from-home programs and the need to stand up technology to enable this shift. As a result, many organizations reported that these efforts had dramatically accelerated their company’s digital transformation efforts. ESG research validates this acceleration and highlights that some of the top goals of organizations’ digital transformation initiatives are to drive greater operational efficiencies and deliver differentiated customer experiences. Therefore, it shouldn’t be a surprise that technology vendors are also accelerating their efforts to deliver solutions to enable greater operational efficiency to address the increasing complexity arising from a highly distributed IT environment. A great example of this vendor transformation can be seen in the steps taken by Juniper Networks.

  • Cybersecurity in the C-Suite and Boardroom

    As organizations embrace digital transformation initiatives, business outcomes become inexorably linked to technology areas like application development, cloud computing, and IoT devices. Therefore, these technology assets must be protected to ensure continuity of business operations. The link between cybersecurity and the business has led to an industry declaration that, “Cybersecurity is a boardroom issue.” This statement is true yet simplistic. Executives and corporate directors have a fiduciary responsibility to shareholders and/or owners, so they are ultimately responsible for everything that drives the business, including managing cyber-risk and safeguarding business-critical technology assets. That said, cybersecurity can be a highly technical discipline. This brings up a few questions: Do executives really understand cybersecurity and its role in the business? And as technology further dominates the business landscape, are they investing appropriately in cybersecurity and driving a cybersecurity culture throughout their organizations?

    To explore the answers to these and other questions, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations

  • Trends in Identity and Access Management

    The broad adoption of public cloud services demands a retooling of identity and access management programs. Perimeter security must evolve from a traditional castle and moat model to one that focuses on cloud identities inclusive of service accounts, as well as individual users and the data they access. To protect sensitive cloud-resident data, cybersecurity and IT operations teams need to work with their line-of-business teams on strengthening identity programs with both the user experience and risk in mind.

    In order to gain insight into these trends, ESG surveyed 379 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating or purchasing identity and access management and cloud security technology products and services. This research aimed to understand the problem space, organizational responsibilities, compliance implications, and plans for securing user access to a wide portfolio of cloud services. The study also looked at the current and planned use of various authentication methods, privileged access management, device profiling, unified directories, user activity analytics, and service account protection.

  • Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.” This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

    At the beginning of last year, I noticed that boardroom buzz about cybersecurity hadn’t really changed over the past 5 years – same old tired rhetoric and hyperbole. Hmm. Certainly, things must have progressed in that 5-year timeframe, right?

  • Network Security Predictions for 2021

    Enterprise Strategy Group’s John Grady outlines seven network security predictions for 2021, including:

    • Remote work and zero trust access will remain top drivers for SASE through next year.
    • The appliance market evolves to remain relevant.
    • Runtime application security continues to converge.
    • API protection gets its due attention as part of WAAP.

    For more predictions and a look back at how significant 2020 was for network security, download the full brief.

    If you’re interested in learning more or would like to discuss these findings with an analyst, please contact us.

  • Trends in IAM: Cloud-driven Identities

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on current identity and access management (IAM) challenges and threats, as well as strategies and buying intentions, including assessing the prioritization of IAM and identity governance and administration (IGA) technologies.

  • Securing Modern Application Development Environments

    DevSecOps has moved security front and center in the world of modern development; however, security and development teams are driven by different metrics, making objective alignment challenging. This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices. The move to microservices-driven architectures and the use of containers and serverless have shifted the dynamics of how developers build, test, and deploy code. As a result, a convergence of application security tools is underway. Organizations are overwhelmed with the amount of and overlap in issues raised from multiple testing tools, complicating prioritization and mitigation, so integrated application security platforms are desired.

    In order to gain insight into these trends, ESG surveyed 378 IT, cybersecurity, and application development professionals at organizations in North America (US and Canada) involved with securing application development tools and processes.

  • SOAPA Interview with ThreatQuotient, Part 2 (Video)

    In continuing my chat with Marc Solomon, CMO of ThreatQuotient, Marc and I discuss:

    1. SOC integration. At its heart, SOAPA is an integrated heterogeneous technology architecture for security operations, so I ask Marc how integration plays into ThreatQ’s strategy. Marc mentions that the platform includes bi-directional integration where ThreatQ consumes and provides data. What type of data? External threat data, enriched data, event data, etc. ThreatQuotient can be used as a SOAPA data broker, acting as the single source of truth for security operations.
    2. ThreatQuotient has some SOAR functionality, so I ask Marc about process automation. Marc says that while SOAR has been out for a while, he still sees most companies automating basic tasks, so there’s a general state of immaturity. Marc is bullish about more process automation in the future, however, and everything starts with the data.
    3. Are we moving toward SOC visualization consolidation? One of the biggest SOC bugaboos is the need to view security through multiple UIs. Personally, I believe that SOC visualization is the next frontier, with new tools acting as a standard workbench for multiple activities. Marc agrees but reminds us not to forget about specialization. Yes, there will be more UI consolidation, but there will always be specialized tools, and SOC analysts using these tools will want to work within their UIs. Once again, Marc points to the data. If the data is normalized, consistent, and available, it will be useful regardless of how you view it.
    4. My colleague Dave Gruber and I have done a lot of research in this area while Marc has looked at XDR through the lens of ThreatQ. In Marc’s view, XDR is long overdue to combine the threat detection power of multiple different technologies into a single system. Marc still believes that these analytics will need tools like ThreatQuotient to act as a SOAPA data hub and broker, while XDR takes more control of the analytics layer.
    5. The future of SOAPA. Marc believes SOAPA is the future of security operations as tools like ThreatQ bring in more data sources, opening the SOC to new use cases.

    Thanks again to Marc Solomon and ThreatQuotient for participating in the SOAPA video series. Look for more videos in 2021.

  • Marc Solomon, CMO of ThreatQuotient, and I had a chance to get together and talk SOAPA recently. In part 1 of our video, Marc gives a brief description of what ThreatQ does and then we proceed to chat about:

    1. What’s the deal with cyber threat intelligence (CTI)? For every SOC manager who tells me that threat intelligence is the foundation of security operations, another says that his or her organization struggles to operationalize threat intelligence. What’s going on here? Marc believes the term “threat intelligence” is somewhat poisoned and meaningless today. The real key is to collect, process, analyze, and act upon the CTI that aligns with your organization’s infrastructure, industry, location, etc., and then integrate it into every aspect of security ops.
    2. Use cases for ThreatQuotient. ThreatQ is lumped into a bucket called threat intelligence platforms (TIPs), but I know the product can do more than just weed through threat feeds. Marc says that 70% of customers use ThreatQ for other use cases like alert triage, incident response, phishing investigations, etc. ThreatQuotient is kind of a Swiss Army knife for SOAPA.
    3. Alert fatigue. I mention to Marc that ESG data points to an overwhelming volume of alerts and ask if this is consistent with what he is seeing. Marc agrees but reminds the audience that security is a big data problem. Therefore, it’s about normalizing and contextualizing the data to make it useful. By doing so, you can improve fidelity, accelerate processes, enhance collaboration, and see real ROI on security investments.
    4. SOC modernization. This term has become yet another piece of industry hyperbole, so I asked Marc what he thinks. To Marc, it all starts with the data, but the data tends to be siloed and in different formats today. Thus, SOC modernization starts with data normalization, integrated defenses, and a focus on enabling the SOC staff. Marc also emphasized the need for more process automation, process maturity, and improved collaboration processes and tools.

    Marc’s an old hand at security, so it was great to kibitz with him about SOAPA. More soon in part 2 of our video.

  • Modern Application Development Security

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on the purchasing intentions, investment habits, and deployment practices of security solutions with respect to the deployment and management of application security
