Markets

Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.

Overview

Business Applications

Cybersecurity

Data Management, Analytics & AI

Infrastructure, Cloud & DevOps

Services

Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.

Overview

Insights

Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.

Insights
Contact Us

Cybersecurity & Networking

  • Digital Work Survey: Cybersecurity Takeaways

    ·

    John Grady

    GettyImages-988469836Enterprise Strategy Group recently completed an interesting study where, rather than surveying IT buyers and practitioners as is normally the case, we targeted employees in non-IT roles like sales, human resources, marketing, and finance. This provided a view of how the typical worker thinks about technology and the impact it has on their professional life. While a lot of the survey focused on end-user focused processes and technologies (mobile devices, applications, voice assistants), respondents were also asked for their perspectives on cybersecurity.

    The cybersecurity results are reviewed in detail in this ESG Brief, but some of the high level takeaways included:

    • Threats are exacerbated by risky employee behavior – between one in five and one third of employees report downloading personal applications to work devices, sharing sensitive information on public Wi-Fi networks, or disabling/removing AV software. The numbers are even higher for certain types of workers (mobile, senior managers, younger). When cybersecurity best practices get in the way of productivity or convenience, workers will obviously cut corners.
    • Passwords remain an issue – nearly three-quarters of workers report reusing passwords at least occasionally. This isn’t surprising due to device and application sprawl, but is still worrisome. Single sign-on/password manager technologies are at the top of the list for technologies that workers want to alleviate the frustrating and productivity draining process of managing multiple passwords.
    • Awareness training is becoming more common, but is still not pervasive – 60% of workers report participating in required cybersecurity training, but only 43% said it was a recurring practice. Companies don’t want to burden their employees with unnecessarily or unproductive trainings. However, when done right, cyber awareness training can make an impactful difference. But this requires going past just checking the box and creating an iterative program of training and testing to focus on the most vulnerable vectors and employees.

    Overall, my takeaway was that cybersecurity vendors need to spend more time on the user aspect of security. Accounting for the views of those that are on the top line will become increasingly important as cybersecurity continues to move into the mainstream. That’s happened within the IT department, but there’s still room to grow among the non-IT employee base.

  • Taking the Pulse of Employee Cybersecurity Habits

    ·

    John Grady

    Cybersecurity clearly has the attention of IT departments and executives. High-profile attacks and the resulting direct and indirect costs associated with security breaches have helped drive awareness over the last decade and give security practitioners a louder voice in the organization. However, the average worker is more concerned with maintaining productivity and convenience in their increasingly overlapped work and personal life. Cybersecurity solutions must begin to deliver the technology experience workers demand.

    (more…)

  • Impact of Containers on the Network

    ·

    Bob Laliberte

    The rapid adoption of containers to support modern application environments is having a significant impact on IT and the underlying technology. This is especially true for the network team, where container adoption is impacting existing network architectures and creating new challenges. As is the case with most transitions, there is a temptation to resist change, but as time and previous technology transformations have demonstrated, these changes must be embraced. Organizations need to ensure that the network is in a position to accelerate the adoption of new technologies.

    (more…)

  • Container Usage Trends

    ·

    Bob Laliberte

    Hybrid has become the de facto cloud strategy for most organizations and will likely remain so for the foreseeable future. At the same time, there is a lot of discussion in the market regarding modern or cloud-native application environments as organizations look to shift from infrastructure-focused to application-centric management, but what is the reality of container environments in enterprises? ESG research confirms that not only has the adoption of containers been steady—and will continue to be—but also that this usage will play an increasing role in supporting production application environments.

    (more…)

  • The rise of cloud-based security analytics and operations technologies

    ·

    Jon Oltsik

    Security analytics and operations can be complex, requiring highly skilled professionals and detailed processes. To overcome these issues, security teams tend to deploy an array of security analytics tools and technologies to collect, process, analyze, and act upon growing volumes of security telemetry. Despite this investment, however, many organizations continue to find it difficult to manage cyber risk or detect and respond to cyber incidents.

    How can CISOs address these issues and develop effective security analytics and operations processes? In order to get more insight into these trends, ESG surveyed 406 IT and cybersecurity professionals at organizations in North America (US and Canada) involved with the planning, implementation, and/or operations of their organization’s information security policies, processes (including purchase decisions), or technical safeguards and familiar with their organization’s collection and/or analysis of security data in support of information security management strategy

    (more…)

  • Trends in Modern Application Environments

    ·

    Bob Laliberte

    ESG conducted a comprehensive online survey of IT professionals and software developers at private- and public-sector organizations in North America (US and Canada) between June 7, 2019 and June 17, 2019. To qualify for this survey, respondents were required to be responsible for supporting their organization’s application development environment, including their plans and strategy for containers technology. All respondents were provided an incentive to complete the survey in the form of cash awards and/or cash equivalents.

    This Master Survey Results presentation focuses on the current state of application development architectures and methodologies in use in enterprise environments, specifically usage of and plans for containers technology.

    (more…)

  • Cloud-scale Security Analytics Survey

    ·

    Jon Oltsik

    ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

    This Master Survey Results presentation focuses on the current strategies used for security analytics and operations, including the impact of public cloud resources for processing and storing large and fast growing volumes of security data.

    (more…)

  • Cisco’s Plan to Build the Internet for the Future

    ·

    Bob Laliberte

    Last week, I attended Cisco’s #InternetForTheFuture event in San Francisco. This was a major announcement for Cisco and marked their entry into selling merchant silicon and optics developed by Cisco. Specifically, it announced Silicon One, the 8000 series portfolio with IOS XR7 and a line of optics solutions

    (more…)

  • Cybersecurity services – omnipresent and heavily invested in

    ·

    Enterprise Strategy Group

    ESG conducted an in-depth survey of 220 cybersecurity professionals concerning their organizations’ usage of, experiences with, and future plans for cybersecurity services. Survey participants represented small (50 to 99 employees), midmarket (100 to 999 employees), and enterprise-class (1,000 employees or more) organizations in North America (United States and Canada).

    This research report reveals how cybersecurity service providers can answer IT’s call for help with advisory, implementation, incident, outsourcing, testing, and specialty services, and also covers purchasing trends.

    (more…)

  • Seven Cybersecurity Take-aways from AWS re:Invent 2019

    ·

    Doug Cahill

    cybersecurityThe set of announcements at AWS’s annual re:Invent is always impressive, albeit a bit of a firehose for which AWS’s own Amazon Kinesis data streaming processing engine would be helpful. At last week’s AWS re:Invent, a seminal annual IT event only AWS can get away with scheduling the week after Thanksgiving, the company announced a number of important security capabilities, some small, some big, all customer-driven. Thematically, in addition to a clear focus on identity and access management features designed to help customers rein in their AWS identities and secure S3 buckets, AWS is clearly focused on enabling enterprise-class use cases. (more…)

  • Cybersecurity Predictions for 2020

    ·

    Doug Cahill

    The Enterprise Strategy Group cybersecurity analyst team got together recently to discuss our top predictions for 2020. This brief details our predictions in three categories: threats, technology, and the cybersecurity community (i.e., cybersecurity professionals and the industry at large).

    Download Now
    For more information or to discuss these findings with an analyst, please contact us.

  • Think Email Security Is a Commodity? Think Again.

    ·

    Dave Gruber

    email-securityGetting Email Security Right Is More Important than Ever Before

    With business email compromise racking up some of the largest financial theft associated with cyber-crime, and the relentless use of phishing as a means to trick users into handing over user credentials and other personal and sensitive data to bad actors, security organizations need to take a hard look at how their email security solutions are protecting against these issues.

    Between the move to cloud-delivered email solutions and the general belief that email security has become commoditized, few are prioritizing email security as a top investment priority for the coming year. Yet there’s a ton of innovation happening in email security to help fight phishing, business email compromise (BEC) attacks, and leakage of the sensitive data that lives within the vast array of email mailboxes.

    Email Continues as the Lifeblood of Communications

    As much as I’d like to say that email plays less of a role in today’s business communications, it continues to be the lifeblood of daily communications for most workers. In addition to communication, most workers use email as their “uber-filing-system,” packing away emails received and sent, with little regard for any sensitive data that exists within them. Further, email addresses often act as core identifiers that get reused to access multiple applications, with 63% of ESG research respondents reporting that they use the same password to access multiple work devices and/or applications.

    Traditional Email Security

    For a long time, email security was about preventing the transport of malware, as attackers leveraged email to trick users into executing various types of malware attachments to compromise an endpoint. While secure email gateways (SEGs) are commonplace to prevent these kinds of attacks, SEGs often lack the ability to protect against more advanced, modern, email-borne attacks.

    Email-borne Threats

    Over the past few years, new types of harder-to-identify threats have emerged, continuing to leverage techniques that fool workers, convincing them to open malicious attachments, click on malicious links, and carry out malicious actions as instructed by impersonated senders. These activities facilitate credential theft, PII theft, and the fraudulent transfer of money into the hands of criminals.

    Modern email-borne threats are facilitated by:

    1. Malware payloads/attachments – leading to ransomware delivery and botnet drone delivery, and used as an entry for more complex attacks that start with simple reconnaissance and lateral movement.
    2. Phishing attacks – leading to credential theft, PII theft, and business email compromise. Most include spoofed urls leading to fake copycat sites that capture credentials and other sensitive data (especially popular with Microsoft O365, Exchange, and OneDrive). Once stolen, credentials are often used in botnet-driven credential stuffing/replay attacks, counting on the reuse of the same username and password for multiple applications or websites.
    3. Impersonation attacks (sender spoofing)
      • Impersonation of third-party, popular services like Dropbox, Office365, and others often catch people off guard. These attacks can involve multiple, related emails, in the form of a campaign, used to establish trust, but ultimately are used for phishing, BEC, or other fraudulent activities.
    4. Business email compromise
      • BEC is often comprised of highly targeted, multi-step deceit, beginning with credential theft to provide context for criminals as they orchestrate believable conversations that ultimately lead to the fraudulent transfer of money and/or assets. Impersonating supply chain vendors is common here, as the transfer of large sums of money are commonplace.
    5. Sensitive data leakage (intentional and unintentional)
      • Intentional – Typically includes the theft of intellectual property and other sensitive data. Email is often used as the transport, forwarding company emails to personal email accounts.
      • Unintentional – Email clients make it easy to misaddress emails that result in sending sensitive data to the wrong person. Also commonplace is accidentally sending the wrong attachment that may include sensitive data.
      • Credential theft – When credentials are stolen, impostors gain access to email accounts where they can search for and easily exfiltrate sensitive data by forwarding or auto-forwarding emails to other locations.

    New Email Security Options

    Fortunately, new security solutions are rapidly becoming available that monitor for behaviors that align with these modern attacks. The use of natural language processing is enabling security solutions to track expected communications and content behaviors, warning or stopping malicious activities. Email sender verification using DMARC, DKIM, and SPF are helping organizations limit impersonation attacks.

    Next-gen email solutions from emerging security vendors like Valimail, Greathorn, Armorblox, and Abnormal Security together with market leaders like Mimecast, Proofpoint, Fortinet, Cisco, Symantec, and Trend Micro are leveraging these approaches to strengthen email security to protect against these plaguing email threats.

    The threat landscape associated with email is rapidly changing, so security teams need to pay close attention to ensure that their email security solutions can keep up. Don’t assume that your current SEG has you covered. Help is out there but focus and attention to this evolving threat vector is required.