“This research offers insights into the priorities of security leaders, the day-to-day struggles they face and their ambition to support the business through change,” said Ashok Sankar, Vice President of Product and Solutions Marketing at ReliaQuest. “While it’s positive to see more leaders engaging in strategic approaches to securing their organization, as they look to implement programs like Zero Trust – which can be a multi-year journey – it’s important to keep their energy focused on the fundamentals of cybersecurity. Visibility, metrics and process aren’t sexy, but they are the building blocks of a resilient security program.”

Sankar added: “As organizations seek to digitally transform their business and adapt to hybrid work, it’s critical that security teams are not only aligned on goals, but also have the proper resources to drive resilient security operations, setting the enterprise up for long-term success.”

Key insights include:

Security leaders are committed to a stronger risk-based security posture

• 57% of respondents are prioritizing securely migrating applications to the cloud.
• Almost half (49%) of security leaders are enabling DevSecOps best practices.
• 48% of organizations surveyed are prioritizing implementing Zero Trust principles as part of their security strategy.

Security teams are not aligned on their security program or metrics

• The primary obstacle to implementing an IT security risk management program is a lack of standardized metrics to measure progress (64%), followed by the lack of a risk management strategy and decision-making structure (58%).
• 58% of respondents say that the lack of a well-defined security and risk management program is what makes their organization most vulnerable to attacks, but only 31% consider developing a risk-reduction program a top security priority.
• Only a third (37%) of those surveyed believe that their teams are tracking the right security metrics and that it is easy to communicate them to business executives and board members.
• Only about half (49%) rate developing business goal–oriented metrics as one of the top priorities for the next year.

Security teams are inhibited by process and operational inefficiencies

• 31% of respondents report their security staff spends at least 3 hours a day manually administering and managing (optimization, writing rules, integrating) tools.
• The majority (57%) of organizations have one staff member managing more than four tools in their organizations. Only 17% have one staff member assigned to manage a single tool.
• 52% agree that their team is spending too much time on data collection activities instead of threat detection and analysis.

Poor enterprise-wide visibility is the main culprit behind risk exposure

• Only 13% say they have more than 75% visibility across all security tools, including on-premises and the cloud. 69% believe they have less than 50% visibility across all security tools, including on-premises and the cloud.
• Only about one-third (36%) say they are measuring visibility across the environment, including on-premises and the cloud.

The full report is available to download here.

Ponemon Research and ReliaQuest will host a webinar to review the findings in greater detail. To register for the online webinar, please visit online experiences.

Methodology
More than 1,000 security leaders were surveyed in the United States (632) and United Kingdom (391) who are familiar with the organizations’ security operations and strategy. Participants in this research are knowledgeable about their organizations’ efforts in attaining a risk-oriented security posture. Most respondents are involved in implementing solutions (61 percent) followed by evaluating solutions (48 percent). The report presents the consolidated U.S. and U.K. research findings.

Image licensed by pexels.com

Related News:

ReliaQuest Awarded Patent Recognizing Data Comparison Capabilities

Survey Finds 76% of Enterprises Have Already Adopted a Multi-Cloud Strategy According to HashiCorp’s Inaugural State of Cloud Strategy

The post Organizations Are Prioritizing Cybersecurity Initiatives But Are Dragged Down By Lack Of Fundamentals, New ReliaQuest Study Reveals appeared first on Digital IT News.

The post PC Matic Selected by NIST’s National Cybersecurity Center of Excellence to Demonstrate Zero Trust Architectures appeared first on Digital IT News.

OneLogin’s Delegated Administration tool allows organizations to adopt the principle of least privilege access to enable their Zero Trust framework. Organizations can improve their security footpoint by granting only the level of access needed to get the job done. By having the ability to provide refined admin privileges based on any combination of user, app, and role, companies can easily balance security with the need to enable the business.

According to a recent survey of over 700 technology leaders conducted by OneLogin, 75% of organizations agree that a Zero Trust model is key to breach prevention. Nevertheless, less than 12% of organizations actually have a strategy in place. In fact, 66% of respondents have admitted that some or a few users are being granted access privileges beyond what they require. Eighteen percent conceded that all their users have excessive privileges.

“For organizations to adopt a Zero Trust framework, they must embrace the concept of least privilege access, meaning users are only given the minimum levels of access needed to perform their job. However, maintaining this baseline is challenging when organizations must accelerate employee productivity. As a result, IT and Security teams are challenged with balancing the operational needs of the business and maintaining a strong security posture,” said Damon Dean, Chief Product Officer, OneLogin. “OneLogin’s Delegated Administration enables organizations to adopt the Zero Trust principle of least privilege access. Delegating simpler IT tasks to business units, departments, or teams, alleviates the burden on IT to support access requests and, thereby, reduces costs, saves time and ultimately protects their organization against security threats.”

OneLogin’s Delegated Administration offers organizations three unique capabilities:

1. Enforce the Zero Trust principle of least privilege across your entire ecosystem: Organizations increase their security posture by better controlling their user permissions, users are more productive because they have the access they need to do their job, and IT teams will be freed from having to regularly audit privileges that are too wide-ranging.
2. Significantly reduce the risk of privileged account takeover: Reducing the attack surface, especially within privileged access, significantly strengthens your organizations’ security posture and enables a key element of the Zero Trust Framework. Plus, Delegated Administration is a huge relief and peace-of-mind for security teams who are constantly on the watch for risks like over-privileged users.
3. Save time and reduce costs with automated role-based privilege assignment: Employees will have the right amount of privileges for their job on day one, giving them a jumpstart on productivity. Central IT will improve security and increase productivity simultaneously.

For more information, visit the OneLogin Zero Trust Resource Center.

Image licensed by pixabay.com

Related News:

Your Boss is Your Biggest Cyber-threat, Global Remote Work Survey Finds

Palo Alto Networks Introduces Complete Zero Trust Network Security

The post OneLogin Eases Adoption of Zero Trust Framework with Delegated Administration appeared first on Digital IT News.

a leader in The Forrester Wave: Zero Trust

The post Palo Alto Networks Introduces Complete Zero Trust Network Security appeared first on Digital IT News.

Even before the COVID-19 pandemic, the “Unbound Enterprise” began to emerge, with operations freed from physical or network infrastructures. The pandemic accelerated this trend, and while some changes made in 2020 were tactical, the significant shift in perception will have far-reaching consequences. Leaders now see cybersecurity as the key to business advantage with 45% stating they have greatly accelerated digital transformation as a result of the pandemic, 48% reporting cybersecurity’s bigger role in enabling innovation and 41% agreeing that it delivers a competitive edge.

“Industry leaders are emphatically pointing to a very different future for cybersecurity,” said Nicolas Fischbach, global CTO and vice president of SASE engineering at Forcepoint. “When 90% of leaders believe the biggest challenge is securing anywhere workers and cloud services, it’s clear that infrastructure- or access-oriented security tools can no longer keep up with the needs of today’s unbound enterprise.”

SASE is the new de facto standard for cyber

The research revealed clear indications of how decentralized organizations will develop, with 48% substantially increasing the use of cloud-based cybersecurity systems and 58% recognizing the need for a more integrated trust framework. Ninety percent of CEOs have either already adopted SASE (43%) or are currently evaluating SASE with a view to adopt (47%) while 39% have accelerated their adoption of Zero Trust architectures.

Converged, cloud-driven approaches will offer huge advantages as remote workers will have even more autonomy to innovate and drive business, but it also means that leaders must find new ways to secure distributed workforces and cloud applications, and drive collaboration and creativity.

“As enterprises operate their business in a world with seemingly endless options, cybersecurity professionals will need to evolve their roles,” commented Elizabeth Nann, Executive Director of Global Consumer Insights at Wall Street Journal Intelligence. “The research showed that CISOs adapted existing strategy, while the pandemic has really opened the eyes and changed the views of CEOs. This suggests that teams now better understand the importance of an integrated security framework with the agility to adapt to a continuously evolving environment – but not everyone has that in place yet.”

The global survey of 508 CEOs and CISOs from industries including healthcare/life science, finance and retail uncovered key findings such as:

Business and Security Landscape Forever Changed: Cybersecurity now Permanently in the Boardroom

• 74% reallocated funds to cybersecurity programs during COVID-19
• 53% recognized the need to more tightly integrate cybersecurity capabilities across traditional product boundaries

Moving to Integrated Security to Protect Distributed Enterprises

• 58% see a need for an integrated “Trust Framework” to accommodate dispersion of users and devices
• 48% substantially increased cloud-based cybersecurity systems
• 43% agreed they were challenged to manage an array of products from large number of vendors

SASE Acceleration – CEOs and CISOs are Bullish on SASE

• While analysts have estimated 40% of enterprises would embrace SASE by 2024, the WSJ Intelligence report found that COVID may have accelerated this timeline
• 90% of CEOs and 84% of CISOs indicated they have already adopted or were on a path to adopt SASE

For more CEO and CISO insights from The C-Suite Report: Business and Security Strategies for Today’s Unbound Enterprise please visit this page to download the report.

Image Licensed by Adobe Stock

Related News: 

ControlUp Expands Portfolio of VMware Solutions to Monitor End User Connectivity

Trend Micro Launches First and Only SecOps Solution to Slay Open Source Code Bugs

The post WSJ Intelligence and Forcepoint Survey: CEOs and CISOs Doubling Down on Cybersecurity, Converged Approaches appeared first on Digital IT News.

With two-thirds of respondents relying on legacy access solutions, such as virtual private networks (VPN) or virtual desktop infrastructure (VDI), it was not surprising that 69% said application access was a primary or secondary consideration for zero trust in 2021.

“Coming into this year, we were committed to moving away from our VPN solution,” according to Scott Rheins, Information Technology Security Architect. “When COVID-19 hit, it only validated this decision. With Axis, we were able to deploy immediately at scale. Agentless remote desktop access makes it so easy to grant access to remote users and the added security has been a huge benefit because of the increase in attacks targeting RDP this year. We are deriving a lot of business value from the Axis Zero Trust approach. It is fundamentally more secure and delivers a far better user experience than a VPN.”

“The survey made clear that the rapid expansion of secure remote access requirements for employees and third parties was a significant operational challenge,”  said John Grady, ESG Research senior analyst, network security. The benefits of transitioning from legacy approaches to zero trust network access were also clear as it was perceived as the most effective of all the tools used to support zero-trust initiatives.”

“Axis Security’s agentless-first approach enables rapid deployment and broad coverage for many key use cases cited by survey respondents including remote access for third-parties,” said Dor Knafo, co-founder and CEO of Axis Security. The time is now to replace legacy access technologies such as VPNs, virtual desktop infrastructure (VDI) and inline cloud access security broker (CASB) services using a single zero trust cloud platform,” said Dor Knafo, co-founder and CEO of Axis Security.

To learn more about zero trust challenges and opportunities, download the full report

Image Licensed by Pixabay.com

Related News:

Portworx by Pure Storage Teams with IBM to Help Enterprises Manage Hybrid Cloud Workloads

39% of Healthcare Organizations Suffered Ransomware Attacks in the Cloud in 2020

The post Secure Remote Access is a Top Zero Trust Priority for 2021 According to New ESG Research Survey appeared first on Digital IT News.

FortiOS Powers the Industry’s Highest-Performing Cybersecurity Platform

The explosion of network edges – across data center, WAN, LAN, LTE, off-net, compute, operational technology, CASB, SASE, internet, and most recently the home edge – has expanded and splintered the perimeter across the entire infrastructure. Security that can keep pace with changes to the network and today’s performance requirements while delivering holistic visibility, data, analysis, detection, and timely coordinated response against cyberattacks requires an integrated platform approach.

The Fortinet Security Fabric is the industry’s highest-performing cybersecurity platform, powered by FortiOS to enable consistent and flexible security across the entire attack surface. With more consumption models than any other vendor – physical, virtual, cloud, and as-a-Service, across the largest product portfolio – spanning network security and SD-WAN, switching and wireless access, network access control, authentication, public and private cloud security, endpoint security, and AI-driven advanced threat protection solutions – all built on a common operating system, Fortinet empowers organizations of any size to secure and simplify their IT infrastructure.

What’s new in FortiOS 7.0

Major updates in FortiOS 7.0 tackle some of today’s biggest security challenges related to work from home, securing the SASE edge, and more, and expand across the following key areas:

Zero Trust Access

• Zero Trust Network Access for Remote Access and Application Control: FortiOS 7.0 enables every FortiGate customer to employ Zero Trust Network Access (ZTNA) capabilities out of the box, making Fortinet the only vendor to enable firewall-based ZTNA. ZTNA enabled by FortiOS 7.0 improves user experience by supporting the evolution of better remote access to replace traditional VPN. It also reduces the attack surface by verifying the user and device for every application session, while hiding business-critical applications from the internet. ZTNA from Fortinet further simplifies management by using the same access policy no matter where users are, whether on- or off-network.

Security-Driven Networking

• Consistent Security Everywhere with SASE: Fortinet gives enterprises the flexibility needed to enable their workforce to work from anywhere with consistent, enterprise-grade security delivered on-premises – and now, via cloud-based SASE consumption (Security-as-a-Service). Off-network remote users benefit from the same level of security no matter where they are located. Customers that prefer a light-weight simplified branch (Thin Edge) are also supported via SASE.
• New Self-Healing SD-WAN Capabilities: Fortinet’s leading Secure SD-WAN solution now includes self-healing capabilities through adaptive WAN remediations to make the application experience more resilient. Fortinet has also expanded its passive application monitoring for SaaS and multi-cloud applications for better user-experience to support users working from anywhere.
• Expanding the LTE Edge with 5G: Fortinet is extending network connectivity and security beyond the WAN Edge with innovations in 5G and LTE that improve wireless network performance and increase resiliency. With a diverse Wireless WAN and LTE offering, organizations can achieve secure, scalable, and highly available network connectivity anywhere.

Adaptive Cloud Security

• Optimized Performance and Security Across Multi-cloud Deployments: Organizations today struggle to manage and optimize application access and overall performance across multi-cloud environments. With the introduction of FortiOS 7.0, Fortinet’s adaptive cloud security offerings now provide central management for hybrid clouds with auto-scaling for practical usage of resources, dynamic load-balancing, and application user experience visibility – all designed to proactively improve overall performance and security within and across clouds.

NOC/SOC

• Improved NOC and SOC Operational Efficiency: FortiOS 7.0 introduces new and expanded capabilities that offer network security teams of all sizes and sophistication more options to improve operational efficiency, including FortiManager/FortiAnalyzer integrations with the latest release of FortiSOAR as a container to fully orchestrate an organization’s security processes. New updates also simplify SaaS management and strengthen Fortinet’s ability to reduce the complexity of operations into a single management experience via FortiCloud. For organizations who wish to leverage our industry-leading security expertise to augment their operational teams, Fortinet now offers SOC-as-a-Service and NOC Best Practice Service.

FortiGuard Labs Threat Intelligence

• Web Protection Optimized for Work-from-home: The FortiGuard security service portfolio includes a rich set of advanced security capabilities for content, users, devices, web access, and applications protection. With FortiOS 7.0, Fortinet enhances its already rich web protection offering with industry-first video filtering to provide even more granular protection for the video-intense content consumption patterns driven by the increase in work-from-home.

Availability of FortiOS 7.0

FortiOS 7.0 will be available at the end of Q1 2021.

Supporting Quotes

“Throughout over a decade of partnership with Fortinet, we have developed and delivered a range of comprehensive solutions for organizations across the globe, and we share a commitment to securing the network transformation required for a distributed and remote workforce model. Together, we can provide organizations with secure access to the applications and workloads that they need to drive their business forward, while extending security and zero trust application access controls from the WAN Edge to the Cloud Edge (SASE). We look forward to continuing to work together to enable organizations to be more agile and secure.”
– Kevin Brown, Managing Director, BT Security

“The Fortinet Security Fabric allows us to offer an actual security platform that grows and flexes with our customers. It’s a breath of fresh air for those who are often sold one-off products that solve a single problem. What’s more, Fortinet is a partner we can trust to be at the forefront of security innovation, as FortiOS 7.0 and new capabilities for work from home, SASE and ZTNA demonstrate.”
– Shawn Waldman, CEO, Secure Cyber Defense

“Fortinet’s platform approach to cybersecurity has been an integral part of our digital innovation efforts. As our business grows, Fortinet has a solution that integrates into our existing deployment, helping us save time, cut costs, and keep our hybrid network secure.”
– Alex Fuchs, Director of IT, The Paper Store

Image licensed by Unsplash.com

Related News:

Zscaler Launches Security Assessment Program for Navigating SolarWinds Cyberattack

Palo Alto Networks Achieves New FedRAMP Authorization including Prisma Cloud, Cortex XDR and Cortex Data Lake

The post Fortinet Delivers SASE and Zero Trust Network Access Capabilities appeared first on Digital IT News.

Notably, the report revealed 52% of organizations experienced a malware incident on a remote device in 2020, up from 37% in 2019. Of devices compromised by malware in 2020, 37% continued accessing corporate emails and 11% continued accessing cloud storage, highlighting a need for organizations to better configure business tools to ensure fast and safe connectivity for all users in 2021. Other findings include:

• In 2020, 28% of organizations were regularly utilizing an operating system with a known security vulnerability.
• Relative to pre-pandemic times, there has been an increase of up to 100% in connections to inappropriate content during office hours.
• Android devices were 5.3x more likely to have a vulnerable app installed than iOS devices.
• At their peak during the weekend, phishing attacks were 6% more frequent than during the weekday peak.
• In 2020, 4% of users connected to a risky hotspot each week, down from 7% in 2019, however;
• 15% of organizations had at least one device using an app that leaked password data, up from 11% in 2019.

“2020 saw businesses struggle to transition to fully remote operations while maintaining productivity and security. It’s clear that secure remote access is imperative for organizations across industries,” said Eldar Tuvey, CEO and founder of Wandera. “As we embrace a new era of work, legacy remote access tools should be abandoned in favor of a modern SASE security strategy based on zero trust.”

For more information and a checklist for developing a holistic strategy for secure remote access, download the full report.

Image licensed by Pixabay.com

Related News:

New research reveals IT professionals’ growing confidence in public cloud despite security concerns

IGEL Launches the UD Pocket2, a Portable Dual Mode USB Device for Secure End User Computing from Anywhere

The post Wandera Report Reveals 41% Increase in Malware Incidents on Remote Devices in 2020 appeared first on Digital IT News.